Network Engineer Practice Questions

Question #1

You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible. To ease the transition, you decided to use the same architecture as your on-premises network: a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes. Each spoke does not have connectivity to the other spokes, and all traffic is sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits. What should you do?

  1. Connect all the spokes to the hub with Cloud VPN.
  2. Connect all the spokes to the hub with VPC Network Peering.
  3. Connect all the spokes to the hub with Cloud VPN. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.
  4. Connect all the spokes to the hub with VPC Network Peering. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.

 

Question #2

You recently deployed two network virtual appliances in us-central1. Your network appliances provide connectivity to your on-premises network, 10.0.0.0/8. You need to configure the routing for your Virtual Private Cloud (VPC). Your design must meet the following requirements:

  • All access to your on-premises network must go through the network virtual appliances.
  • Allow on-premises access in the event of a single network virtual appliance failure.
  • Both network virtual appliances must be used simultaneously.

Which method should you use to accomplish this?

  1. Configure an internal HTTP(S) load balancer with the two network virtual appliances as backends. Configure a route for 10.0.0.0/8 with the internal HTTP(S) load balancer as the next hop.
  2. Configure an internal TCP/UDP load balancer with the two network virtual appliances as backends. Configure a route for 10.0.0.0/8 with the internal load balancer as the next hop.
  3. Configure two routes for 10.0.0.0/8 with different priorities, each pointing to separate network virtual appliances.
  4. Configure a network load balancer for the two network virtual appliances. Configure a route for 10.0.0.0/8 with the network load balancer as the next hop.

 

Question #3

Your memory has recently installed a Cloud VPN tunnel between your on-premises data center and your Google Cloud Virtual Private Cloud (VPC). You need to configure access to the Cloud Functions API for your on-premises servers. The configuration must meet the following requirements:

  • Certain data must stay in the project where it is stored and not be exfiltrated to other projects.
  • Traffic from servers in your data center with RFC 1918 addresses do not use the internet to access Google Cloud APIs.
  • All DNS resolution must be done on-premises.
  • The solution should only provide access to APIs that are compatible with VPC Service Controls.

What should you do?

  1. Create an A record for restricted.googleapis.com using the 199.36.153.4/30 address range.
    2. Create a CNAME record for *.googleapis.com that points to the A record.
    3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.
    4. Remove the default internet gateway from the VPC where your Cloud VPN tunnel terminates.
  2. Create an A record for restricted.googleapis.com using the 199.36.153.4/30 address range.
    2. Create a CNAME record for *.googleapis.com that points to the A record.
    3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.
    4. Configure your on-premises firewalls to allow traffic to the restricted.googleapis.com addresses.
  3. Create an A record for private.googleapis.com using the 199.36.153.8/30 address range.
    2. Create a CNAME record for *.googleapis.com that points to the A record.
    3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.
    4. Remove the default internet gateway from the VPC where your Cloud VPN tunnel terminates.
  4. Create an A record for private.googleapis.com using the 199.36.153.8/30 address range.
    2. Create a CNAME record for *.googleapis.com that points to the A record.
    3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.
    4. Configure your on-premises firewalls to allow traffic to the private.googleapis.com addresses.

 

Question #4

You have applications running in the us-west1 and us-east1 regions. You want to build a highly available VPN that provides 99.99% availability to connect your applications from your project to the cloud services provided by your partner’s project while minimizing the amount of infrastructure required. Your partner’s services are also in the us-west1 and us-east1 regions. You want to implement the simplest solution. What should you do?

  1. Create one OpenVPN Access Server in each region of your VPC and your partner’s VPC. Connect your servers to the partner’s servers.
  2. Create one Cloud Router and one HA VPN gateway in the us-west1 region of your VPC. Create one OpenVPN Access Server in each region of your partner’s VPC. Connect your VPN gateway to your partner’s servers.
  3. Create one Cloud Router and one HA VPN gateway in the us-west1 region of your VPC and your partner’s VPC. Connect your VPN gateways to the partner’s gateways with a pair of tunnels. Enable global dynamic routing in each VPC.
  4. Create one Cloud Router and one HA VPN gateway in each region of your VPC and your partner’s VPC. Connect your VPN gateways to the partner’s gateways. Enable global dynamic routing in each VPC.

 

Question #5

You have provisioned a Dedicated Interconnect connection of 20 Gbps with a VLAN attachment of 10 Gbps. You recently noticed a steady increase in ingress traffic on the Interconnect connection from the on-premises data center. You need to ensure that your end users can achieve the full 20 Gbps throughput as quickly as possible. Which two methods can you use to accomplish this?

Choose 2 answers.

  1. Configure Link Aggregation Control Protocol (LACP) on the on-premises router to use the 20-Gbps Dedicated Interconnect connection.
  2. From the Google Cloud console, modify the bandwidth of the VLAN attachment to 20 Gbps.
  3. From the Google Cloud console, request a new Dedicated Interconnect connection of 20 Gbps, and configure a VLAN attachment of 10 Gbps.
  4. Configure an additional VLAN attachment of 10 Gbps in another region. Configure the on-premises router to advertise routes with the same multi-exit discriminator (MED).
  5. Configure an additional VLAN attachment of 10 Gbps in the same region. Configure the on-premises router to advertise routes with the same multi-exit discriminator (MED).