PCNE Designing, planning, and prototyping a GCP network • Complete Question Bank
Complete PCNE Designing, planning, and prototyping a GCP network question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit. ``` gcloud compute networks subnets describe subnet-a --region us-central1 creationTimestamp: '2024-01-15T10:00:00.000-08:00' description: '' enableFlowLogs: false gatewayAddress: 10.0.0.1 id: '123456789' ipCidrRange: 10.0.0.0/24 kind: compute#subnetwork logConfig: null name: subnet-a network: https://www.googleapis.com/compute/v1/projects/my-project/global/networks/vpc-1 privateIpGoogleAccess: false purpose: PRIVATE region: https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1 role: null secondaryIpRanges: [] selfLink: https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/subnetworks/subnet-a state: READY ```
Refer to the exhibit.
```
Resource: Cloud Router
Name: router-1
Region: us-central1
Network: vpc-1
BGP: Autonomous System Number (ASN): 65001
Advertised IP ranges: 10.0.0.0/16
BGP sessions:
- peer: on-prem-router
peer ASN: 65002
peer IP: 192.168.1.1
Cloud Router IP: 169.254.0.1
Advertised route priority: 100
Status: Established
On-premises router BGP table:
Network Next Hop Metric
10.0.0.0/16 169.254.0.1 0
0.0.0.0/0 192.168.1.1 0
```Refer to the exhibit. ``` # gcloud compute routers describe my-router --region us-central1 bgp: advertiseMode: CUSTOM advertisedGroups: - ALL_SUBNETS advertisedIpRanges: - range: 10.0.1.0/24 - range: 10.0.2.0/24 bgpPeers: - interfaceName: if-0 ipAddress: 169.254.0.1 peerIpAddress: 169.254.0.2 peerAsn: 65001 advertisedRoutePriority: 100 - interfaceName: if-1 ipAddress: 169.254.1.1 peerIpAddress: 169.254.1.2 peerAsn: 65001 advertisedRoutePriority: 100 ```
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Provides outbound connectivity for private instances
Securely connects on-premises to VPC via IPsec
Delivers content from edge caches globally
Translates domain names to IP addresses
Manages service mesh traffic with global load balancing
Drag a concept onto its matching description — or click a concept then click the description.
Tests basic connectivity to an IP address
Traces the path packets take to a destination
Displays network connections and listening ports
Queries DNS to resolve a hostname
Captures and analyzes network packets
Refer to the exhibit.
gcloud compute networks subnets create subnet-a \
--network=my-vpc \
--region=us-central1 \
--range=10.0.1.0/24 \
--secondary-range=10.1.0.0/16 \
--enable-private-ip-google-accessRefer to the exhibit.
gcloud compute routers create my-router \
--region=us-east1 \
--network=my-vpc \
--asn=65001
gcloud compute routers add-interface my-router \
--interface-name=if-1 \
--ip-address=169.254.0.1 \
--mask-length=30 \
--vpn-tunnel=tunnel-1Refer to the exhibit. Command output: $ gcloud compute routers get-nat-gateway-info my-router --region=us-central1 natGatewayInfo: - natName: example-nat vm: instance-1 publicIp: 203.0.113.2 privateIp: 10.0.0.2 - natName: example-nat vm: instance-2 publicIp: 203.0.113.3 privateIp: 10.0.0.3 natName: example-nat vm: instance-3 publicIp: 203.0.113.4 privateIp: 10.0.0.4
Refer to the exhibit.
JSON configuration for Cloud Armor security policy:
{
"name": "prod-security-policy",
"defaultRuleAction": "allow",
"rules": [
{
"priority": 1000,
"match": {
"expr": {
"expression": "origin.region_code == 'CN'"
}
},
"action": "deny(403)"
},
{
"priority": 2000,
"match": {
"expr": {
"expression": "request.path.startsWith('/admin')"
}
},
"action": "deny(403)"
},
{
"priority": 3000,
"match": {
"config": {
"srcIpRanges": ["192.0.2.0/24"]
},
"versionedExpr": "SRC_IPS_V1"
},
"action": "deny(403)"
}
]
}gcloud compute routers get-status my-router --region us-central1
status:
bgpPeerStatus:
- ipAddress: 10.0.0.1
peerIpAddress: 10.0.0.2
sessionState: ESTABLISHED
advertisedRoutes:
- 192.168.1.0/24
- 192.168.2.0/24
- ipAddress: 10.0.0.3
peerIpAddress: 10.0.0.4
sessionState: IDLE
advertisedRoutes: []gcloud compute firewall-rules describe allow-internal
- name: allow-internal
- network: default
- sourceRanges: ['10.0.0.0/8']
- allowed:
- IPProtocol: tcp
ports: ['0-65535']
- targetServiceAccounts: ['my-sa@project.iam.gserviceaccount.com']
- direction: INGRESS
- priority: 1000gcloud compute networks subnets describe my-subnet --region us-central1
- name: my-subnet
- network: my-vpc
- ipCidrRange: 10.0.1.0/24
- privateIpGoogleAccess: true
- purpose: PRIVATE
- logConfig: {enable: true}