Easter Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

 
Home > Google > Google Cloud Platform > Professional-Cloud-Network-Engineer

Professional-Cloud-Network-Engineer Google Cloud Certified - Professional Cloud Network Engineer Question and Answers

Question # 4

Question:

You are designing the architecture for your organization so that clients can connect to certain Google APIs. Your plan must include a way to connect to Cloud Storage and BigQuery. You also need to ensure the traffic does not traverse the internet. You want your solution to be cloud-first and require the least amount of configuration steps. What should you do?

A.

Configure Private Google Access on the VPC resource. Create a default route to the internet.

B.

Configure Private Google Access on the subnet resource. Create a default route to the internet.

C.

Configure Cloud NAT and remove the default route to the internet.

D.

Configure a global Secure Web Proxy and remove the default route to the internet.

Full Access
Question # 5

After a network change window one of your company’s applications stops working. The application uses an on-premises database server that no longer receives any traffic from the application. The database server IP address is 10.2.1.25. You examine the change request, and the only change is that 3 additional VPC subnets were created. The new VPC subnets created are 10.1.0.0/16, 10.2.0.0/16, and 10.3.1.0/24/ The on-premises router is advertising 10.0.0.0/8.

What is the most likely cause of this problem?

A.

The less specific VPC subnet route is taking priority.

B.

The more specific VPC subnet route is taking priority.

C.

The on-premises router is not advertising a route for the database server.

D.

A cloud firewall rule that blocks traffic to the on-premises database server was created during the change.

Full Access
Question # 6

There are two established Partner Interconnect connections between your on-premises network and Google Cloud. The VPC that hosts the Partner Interconnect connections is named "vpc-a" and contains three VPC subnets across three regions, Compute Engine instances, and a GKE cluster. Your on-premises users would like to resolve records hosted in a Cloud DNS private zone following Google-recommended practices. You need to implement a solution that allows your on-premises users to resolve records that are hosted in Google Cloud. What should you do?

A.

Associate the private zone to "vpc-a." Create an outbound forwarding policy and associate the policy to "vpc-a." Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to "vpc-a."

B.

Configure a DNS proxy service inside one of the GKE clusters. Expose the DNS proxy service in GKE as an internal load balancer. Configure the on-premises DNS servers to forward queries for the private zone to the IP address of the internal load balancer.

C.

Use custom route advertisements to announce 169.254.169.254 via BGP to the on-premises environment. Configure the on-premises DNS servers to forward DNS requests to 169.254.169.254.

D.

Associate the private zone to "vpc-a." Create an inbound forwarding policy and associate the policy to "vpc-a." Configure the on-premises DNS servers to forward queries for the private zone to the entry point addresses created when the policy was attached to "vpc-a."

Full Access
Question # 7

Your company has recently installed a Cloud VPN tunnel between your on-premises data center and your Google Cloud Virtual Private Cloud (VPC). You need to configure access to the Cloud Functions API for your on-premises servers. The configuration must meet the following requirements:

Certain data must stay in the project where it is stored and not be exfiltrated to other projects.

Traffic from servers in your data center with RFC 1918 addresses do not use the internet to access Google Cloud APIs.

All DNS resolution must be done on-premises.

The solution should only provide access to APIs that are compatible with VPC Service Controls.

What should you do?

A.

Create an A record for private.googleapis.com using the 199.36.153.8/30 address range.

Create a CNAME record for *.googleapis.com that points to the A record.

Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.

Remove the default internet gateway from the VPC where your Cloud VPN tunnel terminates.

B.

Create an A record for restricted.googleapis.com using the 199.36.153.4/30 address range.

Create a CNAME record for *.googleapis.com that points to the A record.

Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.

Configure your on-premises firewalls to allow traffic to the restricted.googleapis.com addresses.

C.

Create an A record for restricted.googleapis.com using the 199.36.153.4/30 address range.

Create a CNAME record for *.googleapis.com that points to the A record.

Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.

Remove the default internet gateway from the VPC where your Cloud VPN tunnel terminates.

D.

Create an A record for private.googleapis.com using the 199.36.153.8/30 address range.

Create a CNAME record for *.googleapis.com that points to the A record.

Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.

Configure your on-premises firewalls to allow traffic to the private.googleapis.com addresses.

Full Access
Question # 8

You have just deployed your infrastructure on Google Cloud. You now need to configure the DNS to meet the following requirements:

Your on-premises resources should resolve your Google Cloud zones.

Your Google Cloud resources should resolve your on-premises zones.

You need the ability to resolve “. internal” zones provisioned by Google Cloud.

What should you do?

A.

Configure an outbound server policy, and set your alternative name server to be your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.

B.

Configure both an inbound server policy and outbound DNS forwarding zones with the target as the on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.

C.

Configure an outbound DNS server policy, and set your alternative name server to be your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.

D.

Configure Cloud DNS to DNS peer with your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.

Full Access
Question # 9

Your organization wants to set up hybrid connectivity with VLAN attachments that terminate in a single Cloud Router with 99.9% uptime. You need to create a network design for your on-premises router that meets those requirements and has an active/passive configuration that uses only one VLAN attachment at a time. What should you do?

A.

Create a design that uses a BGP multi-exit discriminator (MED) attribute to influence the egress path from Google Cloud to the on-premises environment.

B.

Create a design that uses the as_path BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

C.

Create a design that uses an equal-cost multipath (ECMP) with flow-based hashing on your on-premises devices.

D.

Create a design that uses the local_pref BGP attribute to influence the egress path from Google Cloud to the on-premises environment.

Full Access
Question # 10

You are responsible for designing a new connectivity solution for your organization's enterprise network to access and use Google Workspace. You have an existing Shared VPC with Compute Engine instances in us-west1. Currently, you access Google Workspace via your service provider's internet access. You want to set up a direct connection between your network and Google. What should you do?

A.

Order a Dedicated Interconnect connection in the same metropolitan area. Create a VLAN attachment, a Cloud Router in us-west1, and a Border Gateway Protocol (BGP) session between your Cloud Router and your router.

B.

Order a Direct Peering connection in the same metropolitan area. Configure a Border Gateway Protocol (BGP) session between Google and your router.

C.

Configure HA VPN in us-west1. Configure a Border Gateway Protocol (BGP) session between your Cloud Router and your on-premises data center.

D.

Order a Carrier Peering connection in the same metropolitan area. Configure a Border Gateway Protocol (BGP) session between Google and your router.

Full Access
Question # 11

You are designing an IP address scheme for new private Google Kubernetes Engine (GKE) clusters, Due to IP address exhaustion of the RFC 1918 address space in your enterprise, you plan to use privately used public IP space for the new dusters. You want to follow Google-recommended practices, What should you do after designing your IP scheme?

A.

Create the minimum usable RFC 1918 primary and secondary subnet IP ranges for the clusters. Re-use the secondary address range for the pods across multiple private GKE clusters.

B.

Create the minimum usable RFC 1918 primary and secondary subnet IP ranges for the clusters Re-use the secondary address range for the services across multiple private GKE clusters.

C.

Create privately used public IP primary and secondary subnet ranges for the clusters. Create a private GKE cluster With the following options selected: --enab1e-ip-a1ias and --enable-private-nodes.

D.

Create privately used public IP primary and secondary subnet ranges for the clusters. Create a private GKE cluster with the following options selected and – siable-default-snat, --enable-ip-alias, and –enable-private-nodes

Full Access
Question # 12

You successfully provisioned a single Dedicated Interconnect. The physical connection is at a colocation facility closest to us-west2. Seventy-five percent of your workloads are in us-east4, and the remaining twenty-five percent of your workloads are in us-central1. All workloads have the same network traffic profile. You need to minimize data transfer costs when deploying VLAN attachments. What should you do?

A.

Keep the existing Dedicated interconnect. Deploy a VLAN attachment to a Cloud Router in us-west2, and use VPC global routing to access workloads in us-east4 and us-central1.

B.

Keep the existing Dedicated Interconnect. Deploy a VLAN attachment to a Cloud Router in us-east4, and deploy another VLAN attachment to a Cloud Router in us-central1.

C.

Order a new Dedicated Interconnect for a colocation facility closest to us-east4, and use VPC global routing to access workloads in us-central1.

D.

Order a new Dedicated Interconnect for a colocation facility closest to us-central1, and use VPC global routing to access workloads in us-east4.

Full Access
Question # 13

You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible, To ease the transition, you decided to use the same architecture as your on-premises network' a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes. Each spoke does not have connectivity to the other spokes, and all traffic IS sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits. What should you do?

A.

Connect all the spokes to the hub with Cloud VPN.

B.

Connect all the spokes to the hub with VPC Network Peering.

C.

Connect all the spokes to the hub With Cloud VPN. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes

D.

Connect all the spokes to the hub with VPC Network Peering. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.

Full Access
Question # 14

You are configuring a new application that will be exposed behind an external load balancer with both IPv4 and IPv6 addresses and support TCP pass-through on port 443. You will have backends in two regions: us-west1 and us-east1. You want to serve the content with the lowest possible latency while ensuring high availability and autoscaling. Which configuration should you use?

A.

Use global SSL Proxy Load Balancing with backends in both regions.

B.

Use global TCP Proxy Load Balancing with backends in both regions.

C.

Use global external HTTP(S) Load Balancing with backends in both regions.

D.

Use Network Load Balancing in both regions, and use DNS-based load balancing to direct traffic to the closest region.

Full Access
Question # 15

You want Cloud CDN to serve the https://www.example.com/images/spacetime.png static image file that is hosted in a private Cloud Storage bucket, You are using the VSE ORIG.-X_NZADERS cache mode You receive an HTTP 403 error when opening the file In your browser and you see that the HTTP response has a Cache-control: private, max-age=O header How should you correct this Issue?

A.

Configure a Cloud Storage bucket permission that gives the Storage Legacy Object Reader role

B.

Change the cache mode to cache all content.

C.

Increase the default time-to-live (TTL) for the backend service.

D.

Enable negative caching for the backend bucket

Full Access
Question # 16

Your company has a single Virtual Private Cloud (VPC) network deployed in Google Cloud with access from your on-premises network using Cloud Interconnect. You must configure access only to Google APIs and services that are supported by VPC Service Controls through hybrid connectivity with a service level agreement (SLA) in place. What should you do?

A.

Configure the existing Cloud Routers to advertise the Google API's public virtual IP addresses.

B.

Use Private Google Access for on-premises hosts with restricted.googleapis.com virtual IP addresses.

C.

Configure the existing Cloud Routers to advertise a default route, and use Cloud NAT to translate traffic from your on-premises network.

D.

Add Direct Peering links, and use them for connectivity to Google APIs that use public virtual IP addresses.

Full Access
Question # 17

Question:

Your organization's security team recently discovered that there is a high risk of malicious activities originating from some of your VMs connected to the internet. These malicious activities are currently undetected when TLS communication is used. You must ensure that encrypted traffic to the internet is inspected. What should you do?

A.

Enable Cloud Armor TLS inspection policy, and associate the policy with the backend VMs.

B.

Use Cloud NGFW Enterprise. Create a firewall rule for egress traffic with the tls-inspect flag and associate the firewall rules with the VMs.

C.

Configure a TLS agent on every VM to intercept TLS traffic before it reaches the internet. Configure Sensitive Data Protection to analyze and allow/deny the content.

D.

Use Cloud NGFW Essentials. Create a firewall rule for egress traffic and enable VPC Flow Logs with the TLS inspect option. Analyze the output logs content and block the outputs that have malicious activities.

Full Access
Question # 18

You suspect that one of the virtual machines (VMs) in your default Virtual Private Cloud (VPC) is under a denial-of-service attack. You need to analyze the incoming traffic for the VM to understand where the traffic is coming from. What should you do?

A.

Enable Data Access audit logs of the VPC. Analyze the logs and get the source IP addresses from the subnetworks.get field.

B.

Enable VPC Flow Logs for the subnet. Analyze the logs and get the source IP addresses from the connection field.

C.

Enable VPC Flow Logs for the VPC. Analyze the logs and get the source IP addresses from the src_location field.

D.

Enable Data Access audit logs of the subnet. Analyze the logs and get the source IP addresses from the networks.get field.

Full Access
Question # 19

You have an application hosted on a Compute Engine virtual machine instance that cannot communicate with a resource outside of its subnet. When you review the flow and firewall logs, you do not see any denied traffic listed.

During troubleshooting you find:

• Flow logs are enabled for the VPC subnet, and all firewall rules are set to log.

• The subnetwork logs are not excluded from Stackdriver.

• The instance that is hosting the application can communicate outside the subnet.

• Other instances within the subnet can communicate outside the subnet.

• The external resource initiates communication.

What is the most likely cause of the missing log lines?

A.

The traffic is matching the expected ingress rule.

B.

The traffic is matching the expected egress rule.

C.

The traffic is not matching the expected ingress rule.

D.

The traffic is not matching the expected egress rule.

Full Access
Question # 20

Question:

Recently, your networking team enabled Cloud CDN for one of the external-facing services that is exposed through an external Application Load Balancer. The application team has already defined which content should be cached within the responses. Upon testing the load balancer, you did not observe any change in performance after the Cloud CDN enablement. You need to resolve the issue. What should you do?

A.

Configure the CACHE_MAX_STATIC caching mode on Cloud CDN to ensure Cloud CDN caches content depending on responses from the backends.

B.

Configure the USE_ORIGIN_HEADERS caching mode on Cloud CDN to ensure Cloud CDN caches content based on response headers from the backends.

C.

Configure the CACHE_ALL_STATIC caching mode on Cloud CDN to ensure Cloud CDN caches all static content as well as content defined by the backends.

D.

Configure the FORCE_CACHE_ALL caching mode on Cloud CDN to ensure all appropriate content is cached.

Full Access
Question # 21

You need to configure a Google Kubernetes Engine (GKE) cluster. The initial deployment should have 5 nodes with the potential to scale to 10 nodes. The maximum number of Pods per node is 8. The number of services could grow from 100 to up to 1024. How should you design the IP schema to optimally meet this requirement?

A.

Configure a /28 primary IP address range for the node IP addresses. Configure a (25 secondary IP range for the Pods. Configure a /22 secondary IP range for the Services.

B.

Configure a /28 primary IP address range for the node IP addresses. Configure a /25 secondary IP range for the Pods. Configure a /21 secondary IP range for the Services.

C.

Configure a /28 primary IP address range for the node IP addresses. Configure a /28 secondary IP range for the Pods. Configure a /21 secondary IP range for the Services.

D.

Configure a /28 primary IP address range for the node IP addresses. Configure a /24 secondary IP range for the Pads. Configure a /22 secondary IP range for the Services.

Full Access
Question # 22

You have created a firewall with rules that only allow traffic over HTTP, HTTPS, and SSH ports. While testing, you specifically try to reach the server over multiple ports and protocols; however, you do not see any denied connections in the firewall logs. You want to resolve the issue.

What should you do?

A.

Enable logging on the default Deny Any Firewall Rule.

B.

Enable logging on the VM Instances that receive traffic.

C.

Create a logging sink forwarding all firewall logs with no filters.

D.

Create an explicit Deny Any rule and enable logging on the new rule.

Full Access
Question # 23

You are deploying a global external TCP load balancing solution and want to preserve the source IP address of the original layer 3 payload.

Which type of load balancer should you use?

A.

HTTP(S) load balancer

B.

Network load balancer

C.

Internal load balancer

D.

TCP/SSL proxy load balancer

Full Access
Question # 24

Your organization uses a hub-and-spoke architecture with critical Compute Engine instances in your Virtual Private Clouds (VPCs). You are responsible for the design of Cloud DNS in Google Cloud. You need to be able to resolve Cloud DNS private zones from your on-premises data center and enable on-premises name resolution from your hub-and-spoke VPC design. What should you do?

A.

Configure a private DNS zone in the hub VPC, and configure DNS forwarding to the on-premises server.

Configure DNS peering from the spoke VPCs to the hub VPC.

B.

Configure a DNS policy in the hub VPC to allow inbound query forwarding from the spoke VPCs.

Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.

C.

Configure a DNS policy in the spoke VPCs, and configure your on-premises DNS as an alternate DNS server.

Configure the hub VPC with a private zone, and set up DNS peering to each of the spoke VPCs.

D.

Configure a DNS policy in the hub VPC, and configure the on-premises DNS as an alternate DNS server.

Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.

Full Access
Question # 25

You are deploying an application that runs on Compute Engine instances. You need to determine how to expose your application to a new customer You must ensure that your application meets the following requirements

• Maps multiple existing reserved external IP addresses to the Instance

• Processes IP Encapsulating Security Payload (ESP) traffic

What should you do?

A.

Configure a target pool, and create protocol forwarding rules for each external IP address.

B.

Configure a backend service, and create an external network load balancer for each external IP address

C.

Configure a target instance, and create a protocol forwarding rule for each external IP address to be mapped to the instance.

D.

Configure the Compute Engine Instances' network Interface external IP address from None to Ephemeral Add as many external IP addresses as required

Full Access
Question # 26

You have two Google Cloud projects in a perimeter to prevent data exfiltration. You need to move a third project inside the perimeter; however, the move could negatively impact the existing environment. You need to validate the impact of the change. What should you do?

A.

Enable Firewall Rules Logging inside the third project.

B.

Modify the existing VPC Service Controls policy to include the new project in dry run mode.

C.

Monitor the Resource Manager audit logs inside the perimeter.

D.

Enable VPC Flow Logs inside the third project, and monitor the logs for negative impact.

Full Access
Question # 27

You have the following private Google Kubernetes Engine (GKE) cluster deployment:

You have a virtual machine (VM) deployed in the same VPC in the subnetwork kubernetes-management with internal IP address 192.168.40 2/24 and no external IP address assigned. You need to communicate with the cluster master using kubectl. What should you do?

A.

Add the network 192.168.40.0/24 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2.

B.

Add the network 192.168.38.0/28 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2

C.

Add the network 192.168.36.0/24 to the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 192.168.38.2

D.

Add an external IP address to the VM, and add this IP address in the masterAuthorizedNetworksConfig. Configure kubectl to communicate with the endpoint 35.224.37.17.

Full Access
Question # 28

You decide to set up Cloud NAT. After completing the configuration, you find that one of your instances is not using the Cloud NAT for outbound NAT.

What is the most likely cause of this problem?

A.

The instance has been configured with multiple interfaces.

B.

An external IP address has been configured on the instance.

C.

You have created static routes that use RFC1918 ranges.

D.

The instance is accessible by a load balancer external IP address.

Full Access
Question # 29

You created a new VPC network named Dev with a single subnet. You added a firewall rule for the network Dev to allow HTTP traffic only and enabled logging. When you try to log in to an instance in the subnet via Remote Desktop Protocol, the login fails. You look for the Firewall rules logs in Stackdriver Logging, but you do not see any entries for blocked traffic. You want to see the logs for blocked traffic.

What should you do?

A.

Check the VPC flow logs for the instance.

B.

Try connecting to the instance via SSH, and check the logs.

C.

Create a new firewall rule to allow traffic from port 22, and enable logs.

D.

Create a new firewall rule with priority 65500 to deny all traffic, and enable logs.

Full Access
Question # 30

Your company's security team tends to use managed services when possible. You need to build a dashboard to show the number of deny hits that occur against configured firewall rules without increasing operational overhead. What should you do?

A.

Configure Firewall Rules Logging. Use Firewall Insights to display the number of hits.

B.

Configure Firewall Rules Logging. View the logs in Cloud Logging, and create a custom dashboard in Cloud Monitoring to display the number of hits.

C.

Configure a firewall appliance from the Google Cloud Marketplace. Route all traffic through this appliance, and apply the firewall rules at this layer. Use the firewall appliance to display the number of hits.

D.

Configure Packet Mirroring on the VPC. Apply a filter with an IP address list of the Denied Firewall rules. Configure an intrusion detection system (IDS) appliance as the receiver to display the number of hits.

Full Access
Question # 31

Question:

You need to enable Private Google Access for some subnets within your Virtual Private Cloud (VPC). Your security team set up the VPC to send all internet-bound traffic back to the on-premises data center for inspection before egressing to the internet, and is also implementing VPC Service Controls for API-level security control. You have already enabled the subnets for Private Google Access. What configuration changes should you make to enable Private Google Access while adhering to your security team's requirements?

A.

Create a private DNS zone with a CNAME record for *.googleapis.com to private.googleapis.com, with an A record pointing to Google’s private API address range.

Change the custom route that points the default route (0/0) to the default internet gateway as the next hop.

B.

Create a private DNS zone with a CNAME record for *.googleapis.com to private.googleapis.com, with an A record pointing to Google’s private API address range.

Create a custom route that points Google’s private API address range to the default internet gateway as the next hop.

C.

Create a private DNS zone with a CNAME record for *.googleapis.com to restricted.googleapis.com, with an A record pointing to Google’s restricted API address range.

Create a custom route that points Google’s restricted API address range to the default internet gateway as the next hop.

D.

Create a private DNS zone with a CNAME record for *.googleapis.com to restricted.googleapis.com, with an A record pointing to Google’s restricted API address range.

Change the custom route that points the default route (0/0) to the default internet gateway as the next hop.

Full Access
Question # 32

You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.

Which two actions should you take? (Choose two.)

A.

Turn on Private Google Access at the subnet level.

B.

Turn on Private Google Access at the VPC level.

C.

Turn on Private Services Access at the VPC level.

D.

Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.

E.

Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.

Full Access
Question # 33

You are using a 10-Gbps direct peering connection to Google together with the gsutil tool to upload files to Cloud Storage buckets from on-premises servers. The on-premises servers are 100 milliseconds away from the Google peering point. You notice that your uploads are not using the full 10-Gbps bandwidth available to you. You want to optimize the bandwidth utilization of the connection.

What should you do on your on-premises servers?

A.

Tune TCP parameters on the on-premises servers.

B.

Compress files using utilities like tar to reduce the size of data being sent.

C.

Remove the -m flag from the gsutil command to enable single-threaded transfers.

D.

Use the perfdiag parameter in your gsutil command to enable faster performance: gsutil perfdiag gs://[BUCKET NAME].

Full Access
Question # 34

Your on-premises data center has 2 routers connected to your GCP through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.

During troubleshooting you find:

•Each on-premises router is configured with the same ASN.

•Each on-premises router is configured with the same routes and priorities.

•Both on-premises routers are configured with a VPN connected to a single Cloud Router.

•The VPN logs have no-proposal-chosen lines when the VPNs are connecting.

•BGP session is not established between one on-premises router and the Cloud Router.

What is the most likely cause of this problem?

A.

One of the VPN sessions is configured incorrectly.

B.

A firewall is blocking the traffic across the second VPN connection.

C.

You do not have a load balancer to load-balance the network traffic.

D.

BGP sessions are not established between both on-premises routers and the Cloud Router.

Full Access
Question # 35

You want to create a service in GCP using IPv6.

What should you do?

A.

Create the instance with the designated IPv6 address.

B.

Configure a TCP Proxy with the designated IPv6 address.

C.

Configure a global load balancer with the designated IPv6 address.

D.

Configure an internal load balancer with the designated IPv6 address.

Full Access
Question # 36

You are designing a hub-and-spoke network architecture for your company’s cloud-based environment. You need to make sure that all spokes are peered with the hub. The spokes must use the hub's virtual appliance for internet access.

The virtual appliance is configured in high-availability mode with two instances using an internal load balancer with IP address 10.0.0.5. What should you do?

A.

Create a default route in the hub VPC that points to IP address 10.0.0.5.

Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.

Export the custom routes in the hub.

Import the custom routes in the spokes.

B.

Create a default route in the hub VPC that points to IP address 10.0.0.5.

Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.

Export the custom routes in the hub. Import the custom routes in the spokes.

Delete the default internet gateway route of the spokes.

C.

Create two default routes in the hub VPC that point to the next hop instances of the virtual appliances.

Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.

Export the custom routes in the hub. Import the custom routes in the spokes.

D.

Create a default route in the hub VPC that points to IP address 10.0.0.5.

Delete the default internet gateway route in the hub VPC, and create a new higher-priority route that is tagged only to the appliances with a next hop of the default internet gateway.

Create a new route in the spoke VPC that points to IP address 10.0.0.5.

Full Access
Question # 37

In your Google Cloud organization, you have two folders: Dev and Prod. You want a scalable and consistent way to enforce the following firewall rules for all virtual machines (VMs) with minimal cost:

Port 8080 should always be open for VMs in the projects in the Dev folder.

Any traffic to port 8080 should be denied for all VMs in your projects in the Prod folder.

What should you do?

A.

Create and associate a firewall policy with the Dev folder with a rule to open port 8080. Create and associate a firewall policy with the Prod folder with a rule to deny traffic to port 8080.

B.

Create a Shared VPC for the Dev projects and a Shared VPC for the Prod projects. Create a VPC firewall rule to open port 8080 in the Shared VPC for Dev. Create a firewall rule to deny traffic to port 8080 in the Shared VPC for Prod. Deploy VMs to those Shared VPCs.

C.

In all VPCs for the Dev projects, create a VPC firewall rule to open port 8080. In all VPCs for the Prod projects, create a VPC firewall rule to deny traffic to port 8080.

D.

Use Anthos Config Connector to enforce a security policy to open port 8080 on the Dev VMs and deny traffic to port 8080 on the Prod VMs.

Full Access
Question # 38

You have configured Cloud CDN using HTTP(S) load balancing as the origin for cacheable content. Compression is configured on the web servers, but responses served by Cloud CDN are not compressed.

What is the most likely cause of the problem?

A.

You have not configured compression in Cloud CDN.

B.

You have configured the web servers and Cloud CDN with different compression types.

C.

The web servers behind the load balancer are configured with different compression types.

D.

You have to configure the web servers to compress responses even if the request has a Via header.

Full Access
Question # 39

Your company recently migrated to Google Cloud in a Single region. You configured separate Virtual Private Cloud (VPC) networks for two departments. Department A and Department B. Department A has requested access to resources that are part Of Department Bis VPC. You need to configure the traffic from private IP addresses to flow between the VPCs using multi-NIC virtual machines (VMS) to meet security requirements Your configuration also must

• Support both TCP and UDP protocols

• Provide fully automated failover

• Include health-checks

Require minimal manual Intervention In the client VMS

Which approach should you take?

A.

Create the VMS In the same zone, and configure static routes With IP addresses as next hops.

B.

Create the VMS in different zones, and configure static routes with instance names as next hops

C.

Create an Instance template and a managed instance group. Configure a Single internal load balancer, and define a custom static route with the Internal TCP/UDP load balancer as the next hop

D.

Create an instance template and a managed instance group. Configure two separate internal TCP/IJDP load balancers for each protocol (TCP!UDP), and configure the client VIVIS to use the internal load balancers' virtual IP addresses

Full Access
Question # 40

You recently deployed your application in Google Cloud. You need to verify your Google Cloud network configuration before deploying your on-premises workloads. You want to confirm that your Google Cloud network configuration allows traffic to flow from your cloud resources to your on- premises network. This validation should also analyze and diagnose potential failure points in your Google Cloud network configurations without sending any data plane test traffic. What should you do?

A.

Use Network Intelligence Center's Connectivity Tests.

B.

Enable Packet Mirroring on your application and send test traffic.

C.

Use Network Intelligence Center's Network Topology visualizations.

D.

Enable VPC Flow Logs and send test traffic.

Full Access
Question # 41

(Your digital media company stores a large number of video files on-premises. Each video file ranges from 100 MB to 100 GB. You are currently storing 150 TB of video data in your on-premises network, with no room for expansion. You need to migrate all infrequently accessed video files older than one year to Cloud Storage to ensure that on-premises storage remains available for new files. You must also minimize costs and control bandwidth usage. What should you do?)

A.

Create a Cloud Storage bucket. Establish an Identity and Access Management (IAM) role with write permissions to the bucket. Use the gsutil tool to directly copy files over the network to Cloud Storage.

B.

Set up a Cloud Interconnect connection between the on-premises network and Google Cloud. Establish a private endpoint for Filestore access. Transfer the data from the existing Network File System (NFS) to Filestore.

C.

Use Transfer Appliance to request an appliance. Load the data locally, and ship the appliance back to Google for ingestion into Cloud Storage.

D.

Use Storage Transfer Service to move the data from the selected on-premises file storage systems to a Cloud Storage bucket.

Full Access
Question # 42

Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible.

How should you deploy this service in GCP?

A.

Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer.

B.

Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer.

C.

Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers.

D.

Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal-priority static routes to the backend servers.

Full Access
Question # 43

You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services. You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.

How should you design this topology?

A.

Create a subnet of size/25 with 2 secondary ranges of: /17 for Pods and /21 for Services. Create a VPC-native cluster and specify those ranges.

B.

Create a subnet of size/28 with 2 secondary ranges of: /24 for Pods and /24 for Services. Create a VPC-native cluster and specify those ranges. When the services are ready to be deployed, resize the subnets.

C.

Use gcloud container clusters create [CLUSTER NAME]--enable-ip-alias to create a VPC-native cluster.

D.

Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.

Full Access
Question # 44

Question:

Your company's current network architecture has three VPC Service Controls perimeters:

    One perimeter (PERIMETER_PROD) to protect production storage buckets

    One perimeter (PERIMETER_NONPROD) to protect non-production storage buckets

    One perimeter (PERIMETER_VPC) that contains a single VPC (VPC_ONE)

In this single VPC (VPC_ONE), the IP_RANGE_PROD is dedicated to the subnets of the production workloads, and the IP_RANGE_NONPROD is dedicated to subnets of non-production workloads. Workloads cannot be created outside those two ranges. You need to ensure that production workloads can access only production storage buckets and non-production workloads can access only non-production storage buckets with minimal setup effort. What should you do?

A.

Develop a design that uses the IP_RANGE_PROD and IP_RANGE_NONPROD perimeters to create two access levels, with each access level referencing a single range. Create two ingress access policies with each access policy referencing one of the two access levels. Update the PERIMETER_PROD and PERIMETER_NONPROD perimeters.

B.

Develop a design that removes the PERIMETER_VPC perimeter. Update the PERIMETER_NONPROD perimeter to include the project containing VPC_ONE. Remove the PERIMETER_PROD perimeter.

C.

Develop a design that creates a new VPC (VPC_NONPROD) in the same project as VPC_ONE. Migrate all the non-production workloads from VPC_ONE to the PERIMETER_NONPROD perimeter. Remove the PERIMETER_VPC perimeter. Update the PERIMETER_PROD perimeter to include VPC_ONE and the PERIMETER_NONPROD perimeter to include VPC_NONPROD.

D.

Develop a design that removes the PERIMETER_VPC perimeter. Update the PERIMETER_PROD perimeter to include the project containing VPC_ONE. Remove the PERIMETER_NONPROD perimeter.

Full Access
Question # 45

You are designing the network architecture for your organization. Your organization has three developer teams: Web, App, and Database. All of the developer teams require access to Compute Engine instances to perform their critical tasks. You are part of a small network and security team that needs to provide network access to the developers. You need to maintain centralized control over network resources, including subnets, routes, and firewalls. You want to minimize operational overhead. How should you design this topology?

A.

Configure a host project with a Shared VPC. Create service projects for Web, App, and Database.

B.

Configure one VPC for Web, one VPC for App, and one VPC for Database. Configure HA VPN between each VPC.

C.

Configure three Shared VPC host projects, each with a service project: one for Web, one for App, and one for Database.

D.

Configure one VPC for Web, one VPC for App, and one VPC for Database. Use VPC Network Peering to connect all VPCs in a full mesh.

Full Access
Question # 46

You are planning to use Terraform to deploy the Google Cloud infrastructure for your company The design must meet the following requirements

• Each Google Cloud project must represent an Internal project that your team Will work on

• After an internal project is finished, the infrastructure must be deleted

• Each Internal project must have Its own Google Cloud project owner to manage the Google Cloud resources-

• You have 10-100 projects deployed at a time,

While you are writing the Terraform code, you need to ensure that the deployment IS Simple, and the code IS reusable With

centralized management What should you doo

A.

Create a Single pt0Ject and additional VPCs for each Internal project

B.

Create a Single Project and Single VPC for each internal project

C.

Create a single Shared VPC and attach each Google Cloud project as a service project

D.

Create a Shared VPC and service project for each Internal project

Full Access
Question # 47

You just finished your company’s migration to Google Cloud and configured an architecture with 3 Virtual Private Cloud (VPC) networks: one for Sales, one for Finance, and one for Engineering. Every VPC contains over 100 Compute Engine instances, and now developers using instances in the Sales VPC and the Finance VPC require private connectivity between each other. You need to allow communication between Sales and Finance without compromising performance or security. What should you do?

A.

Configure an HA VPN gateway between the Finance VPC and the Sales VPC.

B.

Configure the instances that require communication between each other with an external IP address.

C.

Create a VPC Network Peering connection between the Finance VPC and the Sales VPC.

D.

Configure Cloud NAT and a Cloud Router in the Sales and Finance VPCs.

Full Access
Question # 48

You created a VPC network named Retail in auto mode. You want to create a VPC network named Distribution and peer it with the Retail VPC.

How should you configure the Distribution VPC?

A.

Create the Distribution VPC in auto mode. Peer both the VPCs via network peering.

B.

Create the Distribution VPC in custom mode. Use the CIDR range 10.0.0.0/9. Create the necessary subnets, and then peer them via network peering.

C.

Create the Distribution VPC in custom mode. Use the CIDR range 10.128.0.0/9. Create the necessary subnets, and then peer them via network peering.

D.

Rename the default VPC as "Distribution" and peer it via network peering.

Full Access
Question # 49

You have the following routing design. You discover that Compute Engine instances in Subnet-2 in the asia-southeast1 region cannot communicate with compute resources on-premises. What should you do?

A.

Configure a custom route advertisement on the Cloud Router.

B.

Enable IP forwarding in the asia-southeast1 region.

C.

Change the VPC dynamic routing mode to Global.

D.

Add a second Border Gateway Protocol (BGP) session to the Cloud Router.

Full Access
Question # 50

Your company has provisioned 2000 virtual machines (VMs) in the private subnet of your Virtual Private Cloud (VPC) in the us-east1 region. You need to configure each VM to have a minimum of 128 TCP connections to a public repository so that users can download software updates and packages over the internet. You need to implement a Cloud NAT gateway so that the VMs are able to perform outbound NAT to the internet. You must ensure that all VMs can simultaneously connect to the public repository and download software updates and packages. Which two methods can you use to accomplish this? (Choose two.)

A.

Configure the NAT gateway in manual allocation mode, allocate 2 NAT IP addresses, and update the minimum number of ports per VM to 256.

B.

Create a second Cloud NAT gateway with the default minimum number of ports configured per VM to 64.

C.

Use the default Cloud NAT gateway's NAT proxy to dynamically scale using a single NAT IP address.

D.

Use the default Cloud NAT gateway to automatically scale to the required number of NAT IP addresses, and update the minimum number of ports per VM to 128.

E.

Configure the NAT gateway in manual allocation mode, allocate 4 NAT IP addresses, and update the minimum number of ports per VM to 128.

Full Access
Question # 51

You need to configure the Border Gateway Protocol (BGP) session for a VPN tunnel you just created between two Google Cloud VPCs, 10.1.0.0/16 and 172.16.0.0/16. You have a Cloud Router (router-1) in the 10.1.0.0/16 network and a second Cloud Router (router-2) in the 172.16.0.0/16 network. Which configuration should you use for the BGP session?

A.

B.

C.

D.

Full Access
Question # 52

You want to set up two Cloud Routers so that one has an active Border Gateway Protocol (BGP) session, and the other one acts as a standby.

Which BGP attribute should you use on your on-premises router?

A.

AS-Path

B.

Community

C.

Local Preference

D.

Multi-exit Discriminator

Full Access
Question # 53

Question:

Your organization has approximately 100 teams that need to manage their own environments. A central team must manage the network. You need to design a landing zone that provides separate projects for each team and ensure the solution can scale. What should you do?

A.

Configure VPC Network Peering and peer one of the VPCs to the service project.

B.

Configure Policy-based Routing for each team.

C.

Configure a Shared VPC and create a VPC network in the host project.

D.

Configure a Shared VPC, and create a VPC network in the service project.

Full Access
Question # 54

You work for a university that is migrating to Google Cloud.

These are the cloud requirements:

On-premises connectivity with 10 Gbps

Lowest latency access to the cloud

Centralized Networking Administration Team

New departments are asking for on-premises connectivity to their projects. You want to deploy the most cost-efficient interconnect solution for connecting the campus to Google Cloud.

What should you do?

A.

Use Shared VPC, and deploy the VLAN attachments and Dedicated Interconnect in the host project.

B.

Use Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.

C.

Use standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Dedicated Interconnects.

D.

Use standalone projects and deploy the VLAN attachments and Dedicated Interconnects in each of the individual projects.

Full Access
Question # 55

Question:

Your organization has a new security policy that requires you to monitor all egress traffic payloads from your virtual machines in the us-west2 region. You deployed an intrusion detection system (IDS) virtual appliance in the same region to meet the new policy. You now need to integrate the IDS into the environment to monitor all egress traffic payloads from us-west2. What should you do?

A.

Enable firewall logging and forward all filtered egress firewall logs to the IDS.

B.

Create an internal HTTP(S) load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.

C.

Create an internal TCP/UDP load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.

D.

Enable VPC Flow Logs. Create a sink in Cloud Logging to send filtered egress VPC Flow Logs to the IDS.

Full Access
Question # 56

You create a Google Kubernetes Engine private cluster and want to use kubectl to get the status of the pods. In one of your instances you notice the master is not responding, even though the cluster is up and running.

What should you do to solve the problem?

A.

Assign a public IP address to the instance.

B.

Create a route to reach the Master, pointing to the default internet gateway.

C.

Create the appropriate firewall policy in the VPC to allow traffic from Master node IP address to the instance.

D.

Create the appropriate master authorized network entries to allow the instance to communicate to the master.

Full Access
Question # 57

You need to create a GKE cluster in an existing VPC that is accessible from on-premises. You must meet the following requirements:

    IP ranges for pods and services must be as small as possible.

    The nodes and the master must not be reachable from the internet.

    You must be able to use kubectl commands from on-premises subnets to manage the cluster.

How should you create the GKE cluster?

A.

• Create a private cluster that uses VPC advanced routes.

•Set the pod and service ranges as /24.

•Set up a network proxy to access the master.

B.

• Create a VPC-native GKE cluster using GKE-managed IP ranges.

•Set the pod IP range as /21 and service IP range as /24.

•Set up a network proxy to access the master.

C.

• Create a VPC-native GKE cluster using user-managed IP ranges.

•Enable a GKE cluster network policy, set the pod and service ranges as /24.

•Set up a network proxy to access the master.

•Enable master authorized networks.

D.

• Create a VPC-native GKE cluster using user-managed IP ranges.

•Enable privateEndpoint on the cluster master.

•Set the pod and service ranges as /24.

•Set up a network proxy to access the master.

•Enable master authorized networks.

Full Access
Question # 58

You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non BGP-capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.

What should you do?

A.

• Create a Cloud VPN instance.• Create a policy-based VPN tunnel per subnet.• Configure the appropriate local and remote traffic selectors to match your local and remote networks.• Create the appropriate static routes.

B.

• Create a Cloud VPN instance.• Create a policy-based VPN tunnel.• Configure the appropriate local and remote traffic selectors to match your local and remote networks.• Configure the appropriate static routes.

C.

• Create a Cloud VPN instance.• Create a route-based VPN tunnel.• Configure the appropriate local and remote traffic selectors to match your local and remote networks.• Configure the appropriate static routes.

D.

• Create a Cloud VPN instance.• Create a route-based VPN tunnel.• Configure the appropriate local and remote traffic selectors to 0.0.0.0/0.• Configure the appropriate static routes.

Full Access
Question # 59

You are designing a hybrid cloud environment for your organization. Your Google Cloud environment is interconnected with your on-premises network using Cloud HA VPN and Cloud Router. The Cloud Router is configured with the default settings. Your on-premises DNS server is located at 192.168.20.88 and is protected by a firewall, and your Compute Engine resources are located at 10.204.0.0/24. Your Compute Engine resources need to resolve on-premises private hostnames using the domain corp.altostrat.com while still resolving Google Cloud hostnames. You want to follow Google-recommended practices. What should you do?

A.

Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88.

Configure your on-premises firewall to accept traffic from 10.204.0.0/24.

Set a custom route advertisement on the Cloud Router for 10.204.0.0/24

B.

Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168 20.88.

Configure your on-premises firewall to accept traffic from 35.199.192.0/19

Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.

C.

Create a private forwarding zone in Cloud DNS for ‘corp .altostrat.com’ called corp-altostrat-com that points to 192.168.20.88.

Configure your on-premises firewall to accept traffic from 10.204.0.0/24.

Modify the /etc/resolv conf file on your Compute Engine instances to point to 192.168.20 88

D.

Create a private zone in Cloud DNS for ‘corp altostrat.com’ called corp-altostrat-com.

Configure DNS Server Policies and create a policy with Alternate DNS servers to 192.168.20.88.

Configure your on-premises firewall to accept traffic from 35.199.192.0/19.

Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.

Full Access
Question # 60

You have configured a service on Google Cloud that connects to an on-premises service via a Dedicated Interconnect. Users are reporting recent connectivity issues. You need to determine whether the traffic is being dropped because of firewall rules or a routing decision. What should you do?

A.

Use the Network Intelligence Center Connectivity Tests to test the connectivity between the VPC and the on-premises network.

B.

Use Network Intelligence Center Network Topology to check the traffic flow, and replay the traffic from the time period when the connectivity issue occurred.

C.

Configure VPC Flow Logs. Review the logs by filtering on the source and destination.

D.

Configure a Compute Engine instance on the same VPC as the service running on Google Cloud to run a traceroute targeted at the on-premises service.

Full Access
Question # 61

You have an HA VPN connection with two tunnels running in active/passive mode between your Virtual Private Cloud (VPC) and on-premises network. Traffic over the connection has recently increased from 1 gigabit per second (Gbps) to 4 Gbps, and you notice that packets are being dropped. You need to configure your VPN connection to Google Cloud to support 4 Gbps. What should you do?

A.

Configure the remote autonomous system number (ASN) to 4096.

B.

Configure a second Cloud Router to scale bandwidth in and out of the VPC.

C.

Configure the maximum transmission unit (MTU) to its highest supported value.

D.

Configure a second set of active/passive VPN tunnels.

Full Access
Question # 62

You need to enable Private Google Access for use by some subnets within your Virtual Private Cloud (VPC). Your security team set up the VPC to send all internet-bound traffic back to the on- premises data center for inspection before egressing to the internet, and is also implementing VPC Service Controls in the environment for API-level security control. You have already enabled the subnets for Private Google Access. What configuration changes should you make to enable Private Google Access while adhering to your security team’s requirements?

A.

Create a private DNS zone with a CNAME record for *.googleapis.com to restricted.googleapis.com, with an A record pointing to Google's restricted API address range.

Create a custom route that points Google's restricted API address range to the default internet gateway as the next hop.

B.

Create a private DNS zone with a CNAME record for *.googleapis.com to restricted.googleapis.com, with an A record pointing to Google's restricted API address range.

Change the custom route that points the default route (0/0) to the default internet gateway as the next hop.

C.

Create a private DNS zone with a CNAME record for *.googleapis.com to private.googleapis.com, with an A record painting to Google's private AP address range.

Change the custom route that points the default route (0/0) to the default internet gateway as the next hop.

D.

Create a private DNS zone with a CNAME record for *.googleapis.com to private.googleapis.com, with an A record pointing to Google's private API address range.

Create a custom route that points Google's private API address range to the default internet gateway as the next hop.

Full Access
Question # 63

Question:

Your organization has a hub and spoke architecture with VPC Network Peering, and hybrid connectivity is centralized at the hub. The Cloud Router in the hub VPC is advertising subnet routes, but the on-premises router does not appear to be receiving any subnet routes from the VPC spokes. You need to resolve this issue. What should you do?

A.

Create custom learned routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

B.

Create custom routes at the Cloud Router in the spokes to advertise the subnets of the VPC spokes.

C.

Create a BGP route policy at the Cloud Router, and ensure the subnets of the VPC spokes are being announced towards the on-premises environment.

D.

Create custom routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

Full Access
Question # 64

Question:

Your organization has distributed geographic applications with significant data volumes. You need to create a design that exposes the HTTPS workloads globally and keeps traffic costs to a minimum. What should you do?

A.

Deploy a regional external Application Load Balancer with Standard Network Service Tier.

B.

Deploy a regional external Application Load Balancer with Premium Network Service Tier.

C.

Deploy a global external proxy Network Load Balancer with Standard Network Service Tier.

D.

Deploy a global external Application Load Balancer with Premium Network Service Tier.

Full Access
Copyright myexamcollection.com. All Right Reserved.