VPN
搜索结果共计:11
[单选]As part of implementing their disaster recovery plan, your company is trying to replicate their production MySQL database from their private data center to their GCP project using a Google Cloud VPN connection. They are experiencing latency issues and a small amount of packet loss that is disrupting the replication. What should they do?
作为实施灾难恢复计划的一部分,您的公司正试图使用谷歌云VPN连接将他们的生产MySQL数据库从私人数据中心复制到他们的GCP项目中。
他们正在遇到延迟问题和少量的数据包丢失,从而中断了复制。
他们应该怎么做?
- A
Configure their replication to use UDP.
- B
Configure a Google Cloud Dedicated Interconnect.
- C
Restore their database daily using Google Cloud SQL.
- D
Add additional VPN connections and load balance them.
- E
Send the replicated transaction to Google Cloud Pub/Sub.
答案:B
查看解析
[单选]You are migrating your on-premises solution to Google Cloud in several phases. You will use Cloud VPN to maintain a connection between your on-premises systems and Google Cloud until the migration is completed. You want to make sure all your on-premise systems remain reachable during this period. How should you organize your networking in Google Cloud?
您正在分几个阶段将本地解决方案迁移到谷歌云。
您将使用云VPN来维护本地系统和谷歌云之间的连接,直到迁移完成。
您希望确保在此期间所有内部系统都可访问。
你应该如何在谷歌云中组织你的网络?
- A
Use the same IP range on Google Cloud as you use on-premises
- B
Use the same IP range on Google Cloud as you use on-premises for your primary IP range and use a secondary range that does not overlap with the range you use on-premises
- C
Use an IP range on Google Cloud that does not overlap with the range you use on-premises
- D
Use an IP range on Google Cloud that does not overlap with the range you use on-premises for your primary IP range and use a secondary range with the same IP range as you use on-premises
答案:C
查看解析
[单选]You are working in a highly secured environment where public Internet access from the Compute Engine VMs is not allowed. You do not yet have a VPN connection to access an on-premises file server. You need to install specific software on a Compute Engine instance. How should you install the software?
您是在一个高度安全的环境中工作,其中不允许从计算引擎虚拟机访问公共互联网。
您还没有一个可以访问本地文件服务器的VPN连接。
您需要在一个计算引擎实例上安装特定的软件。
你应该如何安装这个软件?
- A
Upload the required installation files to Cloud Storage. Configure the VM on a subnet with a Private Google Access subnet. Assign only an internal IP address to the VM. Download the installation files to the VM using gsutil.
- B
Upload the required installation files to Cloud Storage and use firewall rules to block all traffic except the IP address range for Cloud Storage. Download the files to the VM using gsutil.
- C
Upload the required installation files to Cloud Source Repositories. Configure the VM on a subnet with a Private Google Access subnet. Assign only an internal IP address to the VM. Download the installation files to the VM using gcloud.
- D
Upload the required installation files to Cloud Source Repositories and use firewall rules to block all traffic except the IP address range for Cloud Source Repositories. Download the files to the VM using gsutil.
答案:A
查看解析
[单选]You want to establish a Compute Engine application in a single VPC across two regions. The application must communicate over VPN to an on-premises network. How should you deploy the VPN?
您希望在跨两个区域的单个VPC中建立一个计算引擎应用程序。
该应用程序必须通过VPN与内部部署网络进行通信。
您应该如何部署VPN?
- A
Use VPC Network Peering between the VPC and the on-premises network.
- B
Expose the VPC to the on-premises network using IAM and VPC Sharing.
- C
Create a global Cloud VPN Gateway with VPN tunnels from each region to the on-premises peer gateway.
- D
Deploy Cloud VPN Gateway in each region. Ensure that each region has at least one VPN tunnel to the on-premises peer gateway. (确保每个区域至少有一个通往本地对等网关的VPN通道。)
答案:D
查看解析
[单选]Topic 1Question #146Topic 1Question #146
You have deployed several instances on Compute Engine. As a security requirement, instances cannot have a public IP address. There is no VPN connection between Google Cloud and your office, and you need to connect via SSH into a specific machine without violating the security requirements. What should you do?
您已经在计算引擎上部署了几个实例。
作为安全要求,实例不能具有公共IP地址。
谷歌Cloud和您的办公室之间没有VPN连接,您需要通过SSH连接到特定的机器上,而不违反安全要求。
你应该做什么?
- A
Configure Cloud NAT on the subnet where the instance is hosted. Create an SSH connection to the Cloud NAT IP address to reach the instance.
- B
Add all instances to an unmanaged instance group. Configure TCP Proxy Load Balancing with the instance group as a backend. Connect to the instance using the TCP Proxy IP.
- C
Configure Identity-Aware Proxy (IAP) for the instance and ensure that you have the role of IAP-secured Tunnel User. Use the gcloud command line tool to ssh into the instance.
- D
Create a bastion host in the network to SSH into the bastion host from your office location. From the bastion host, SSH into the desired instance.
答案:C
查看解析
[单选]Question #156
Your company has a Google Cloud project that uses BigQuery for data warehousing. They have a VPN tunnel between the on-premises environment and Google
Cloud that is configured with Cloud VPN. The security team wants to avoid data exfiltration by malicious insiders, compromised code, and accidental oversharing.
What should they do?
您的公司有一个使用BigQuery进行数据仓库的谷歌云项目。
他们在本地环境和谷歌之间有一个VPN隧道 配置了云VPN的云。
安全团队希望避免恶意内部人员的数据泄露、泄露的代码和意外的过度共享。
他们应该怎么做?
- A
Configure Private Google Access for on-premises only.
- B
Perform the following tasks: 1. Create a service account. 2. Give the BigQuery JobUser role and Storage Reader role to the service account. 3. Remove all other IAM access from the project.
- C
Configure VPC Service Controls and configure Private Google Access.
- D
Configure Private Google Access.
答案:C
查看解析
[单选]Topic 1 Question #173
The operations team in your company wants to save Cloud VPN log events for one year. You need to configure the cloud infrastructure to save the logs. What should you do?
您公司的运营团队希望将云VPN日志事件保存一年。
您需要配置云基础架构来保存日志。
你应该做什么?
- A
Set up a filter in Cloud Logging and a Cloud Storage bucket as an export target for the logs you want to save.
- B
Enable the Compute Engine API, and then enable logging on the firewall rules that match the traffi c you want to save.
- C
Set up a Cloud Logging Dashboard titled Cloud VPN Logs, and then add a chart that queries for the VPN metrics over a one-year time period.
- D
Set up a filter in Cloud Logging and a topic in Pub/Sub to publish the logs.
答案:A
查看解析
[单选]Your office is connected to GCP via a VPN connection. How can you increase the speed of your VPN connection, assuming that your office Internet is not the bottleneck?
您的办公室通过VPN连接连接到GCP。
假设你的办公室互联网不是瓶颈,你如何提高VPN连接的速度?
- A
Apply for a dedicated interconnect option
- B
Enable high speed routing in your VPN settings
- C
Create an additional VPN tunnel
- D
Submit request to increase bandwidth quota
答案:C
查看解析
[单选]You have been asked to create robust Virtual Private Network (VPN)connectivity between a new Virtual Private Cloud (VPC)and a remote site.Key requirements include dynamic routing, a shared address space of 10.19.0.1/22,and no overprovisioning of tunnels during a failover event.You want to follow Google-recommended practices to set up a high availability Cloud VPN.What should you do?有人要求您在一个新的虚拟私有云(VPC)和一个远程站点之间创建健壮的虚拟私有网(VPN)连接。关键需求包括动态路由、10.19.0.1/22的共享地址空间,以及在故障转移事件期间不过度配置隧道。您希望遵循谷歌推荐的实践来建立一个高可用性的云VPN。你应该怎么做?
- A
Use a custom mode VPC network,configure static routes,and use active/passive routing.
- B
Use an automatic mode VPC network,configure static routes, and use active/active routing.
- C
Use a custom mode VPC network,use Cloud Router border gateway protocol(BGP)routes,and use active/passive routing.
- D
Use an automatic mode VPC network,use Cloud Router border gateway protocol(BGP)routes,and configure policy-based routing.
答案:C
[单选]45 of 50.
Your company has a Google Cloud project that uses BigQuery for data warehousing. The VPN tunnel between the on-premises environment and Google Cloud is configured with Cloud VPN. Your security team wants to avoid data exfiltration by malicious insiders, compromised code,and accidental oversharing. What should you do?
您的公司有一个使用BigQuery进行数据仓库的谷歌云项目。
本地环境和谷歌云之间的VPN隧道配置了云VPN。
您的安全团队希望避免恶意内部人员、泄露的代码和意外的过度共享。
你应该做什么?
- A
Configure Private Google Access.
- B
Create a service account, grant the BigQuery JobUser role and Storage Object Viewer role to the service account, and remove all other Identity and Access Management (IAM) access from the project.
- C
Configure VPC Service Controls and configure Private Google Access for on-premises hosts.
- D
Configure Private Service Connect.
答案:C
[单选]Question #151
Your company has a support ticketing solution that uses App Engine Standard. The project that contains the App Engine application already has a Virtual Private Cloud (VPC) network fully connected to the company's on-premises environment through a Cloud VPN tunnel. You want to enable the App Engine application to communicate with a database that is running in the company's on-premises environment. What should you do?
您的公司有一个使用应用程序引擎标准的支持票务解决方案。
这个包含应用程序引擎应用程序的项目已经有了一个虚拟私有云(VPC)网络,通过云VPN隧道完全连接到该公司的内部环境。
您希望使App Engine应用程序与公司内部环境中运行的数据库通信。
你应该做什么?
- A
Configure private Google access for on-premises hosts only.
- B
Configure private Google access.
- C
Configure private services access.
- D
Configure serverless VPC access.
答案:D
Network
搜索结果共计:17
[单选]A recent audit revealed that a new network was created in your GCP project. In this network, a GCE instance has an SSH port open to the world.
You want to discover this network‘s origin..
What should you do?
最近的一次审计显示,在您的GCP项目中创建了一个新的网络。
在这个网络中,一个GCE实例有一个向世界开放的SSH端口。
你想发现这个网络的起源。。
你应该怎么做?
- A
Search for Create VM entry in the Stackdriver alerting console
- B
Navigate to the Activity page in the Home section. Set category to Data Access and search for Create VM entry
- C
In the Logging section of the console, specify GCE Network as the logging section. Search for the Create Insert entry
- D
Connect to the GCE instance using project SSH keys. Identify previous logins in system logs, and match these with the project owners list
答案:C
查看解析
[单选]Your organization has a 3-tier web application deployed in the same network on Google Cloud Platform. Each tier (web, API, and database) scales independently of the others. Network traffic should ow through the web to the API tier and then on to the database tier. Traffic should not ow between the web and the database tier. How should you configure the network?
您的组织在谷歌云平台上的同一网络中部署了一个3层web应用程序。
每个层(web、API和数据库)都可以独立于其他层进行扩展。
网络流量应该通过web传输到API层,然后再传输到数据库层。
流量不应该在web和数据库层之间移动。
您应如何配置该网络?
- A
Add each tier to a different subnetwork
- B
Set up software based firewalls on individual VMs
- C
Add tags to each tier and set up routes to allow the desired traffic flow
- D
Add tags to each tier and set up firewall rules to allow the desired traffic flow
答案:D
查看解析
[单选]You want to establish a Compute Engine application in a single VPC across two regions. The application must communicate over VPN to an on-premises network. How should you deploy the VPN?
- A
Use VPC Network Peering between the VPC and the on-premises network.
- B
Expose the VPC to the on-premises network using IAM and VPC Sharing.
- C
Create a global Cloud VPN Gateway with VPN tunnels from each region to the on-premises peer gateway.
- D
Deploy Cloud VPN Gateway in each region. Ensure that each region has at least one VPN tunnel to the on-premises peer gateway.
答案:D
查看解析
[单选]You need to develop procedures to verify resilience of disaster recovery for remote recovery using GCP. Your production environment is hosted on-premises. You need to establish a secure, redundant connection between your on-premises network and the GCP network. What should you do?
您需要开发过程来验证使用GCP进行远程恢复的灾难恢复的弹性。
您的生产环境是在本地进行托管的。
您需要在内部部署网络和GCP网络之间建立一个安全的冗余连接。
你应该做什么?
- A
Verify that Dedicated Interconnect can replicate files to GCP. Verify that direct peering can establish a secure connection between your networks if Dedicated Interconnect fails.
- B
Verify that Dedicated Interconnect can replicate files to GCP. Verify that Cloud VPN can establish a secure connection between your networks if Dedicated Interconnect fails.
- C
Verify that the Transfer Appliance can replicate files to GCP. Verify that direct peering can establish a secure connection between your networks if the Transfer Appliance fails.
- D
Verify that the Transfer Appliance can replicate files to GCP. Verify that Cloud VPN can establish a secure connection between your networks if the Transfer Appliance fails.
答案:B
查看解析
[单选]Question #128 Topic 1
Your company has sensitive data in Cloud Storage buckets. Data analysts have Identity Access Management (IAM) permissions to read the buckets. You want to prevent data analysts from retrieving the data in the buckets from outside the office network. What should you do?
您的公司在云存储桶中有敏感数据。
数据分析人员具有身份访问管理(IAM)权限来读取这些桶。
您希望防止数据分析人员从办公室网络外部检索桶中的数据。
你应该做什么?
- A
1) Create a VPC Service Controls perimeter that includes the projects with the buckets. 2) Create an access level with the CIDR of the office network.
- B
1) Create a firewall rule for all instances in the Virtual Private Cloud (VPC) network for source range. 2) Use the Classless Inter-domain Routing (CIDR) of the office network.
- C
1) Create a Cloud Function to remove IAM permissions from the buckets, and another Cloud Function to add IAM permissions to the buckets. 2) Schedule the Cloud Functions with Cloud Scheduler to add permissions at the start of business and remove permissions at the end of business.
- D
1) Create a Cloud VPN to the office network. 2) Configure Private Google Access for on-premises hosts.
答案:A
查看解析
[单选]Topic 1Question #133
Your company has a project in Google Cloud with three Virtual Private Clouds (VPCs). There is a Compute Engine instance on each VPC. Network subnets do not overlap and must remain separated. The network configuration is shown below.
Instance #1 is an exception and must communicate directly with both Instance #2 and Instance #3 via internal IPs. How should you accomplish this?
您的公司在谷歌云中有一个项目,其中有三个虚拟私有云(vpc)。
在每个VPC上都有一个计算引擎实例。
网络子网不重叠,必须保持分离。
网络配置如下图所示。
实例#1是一个异常,必须通过内部ip直接与实例#2和实例#3进行通信。
,你应该如何完成这个任务?
- A
Create a cloud router to advertise subnet #2 and subnet #3 to subnet #1.
- B
Add two additional NICs to Instance #1 with the following configuration:
NIC1-‹VPC:VPC#2-‹SUBNETWORK: subnet #2
NIC2-‹VPC:VPC#3-‹SUBNETWORK: subnet #3
Update firewall rules to enable traffic between instances. - C
Create two VPN tunnels via CloudVPN: 1 between VPC #1 and VPC #2.1 between VPC #2 and VPC #3. Update firewall rules to enable traffic between the instances
- D
Peer all three VPCs: peer VPC#1 with VPC #2 peer VPC#2 with VPC #3,Update firewall rules to enable traffic between the instances.
答案:B
查看解析
[单选]To set up a virtual private network between your office network and Google Cloud Platform and have the routes automatically updated when the network topology changes, what is the minimal number of each type of component you need to implement?要在您的办公室网络和谷歌云平台之间建立一个虚拟专用网络,并在网络拓扑发生变化时自动更新路由,您需要实现的每种类型的组件的最小数量是多少?
- A
2 Cloud VPN Gateways and 1 Peer Gateway
- B
1 Cloud VPN Gateway,1 Peer Gateway,and 1 Cloud Router
- C
2 Peer Gateways and 1 Cloud Router
- D
2 Cloud VPN Gateways and 1 Cloud Router
答案:B
查看解析
[单选]If network traffic between one Google Compute Engine instance and another instance is being dropped, what is the most likely cause?如果一个谷歌计算引擎实例和另一个实例之间的网络流量被丢弃,最可能的原因是什么?
- A
The instances are on a network with low bandwidth.
- B
The TCP keep-alive setting is too short.
- C
The instances are on a default network with no additional firewall rules.
- D
A firewall rule was deleted.
答案:D
查看解析
[单选]Your company is moving its entire workload to Compute Engine.Some servers should be accessible through the internet and other servers should only be accessible over the internal network All servers need to be able to talk to each other over specific ports and protocols The current on-premises network relies on a demilitarized zone(DMZ)for the public servers and a Local Area Network(LAN)for the private servers You need to design the networking infrastructure on Google Cloud to match these requirements What should you do?您的公司正在把其全部工作量转移到计算引擎上。一些服务器应该通过互联网访问和其他服务器应该只能访问内部网络所有服务器需要能够在特定的端口和协议当前本地网络依赖于非军事区(DMZ)公共服务器和局域网(LAN)私人服务器你需要设计谷歌云上的网络基础设施来满足这些要求你应该怎么做?
- A
1).Create a single VPC with a subnet for the DMZ and a subnet for the LAN.
2). Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets,and another Written firewall rule to allow public ingress(ingress最重要) traffic for the DMZ - B
1).Create a single VPC with a subnet for the DMZ and a subnet for the LAN
2). Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets,and another firewall rule to allow public egress traffic for the DMZ - C
1). Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN.
2). Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets,and another firewall rule to allow public ingress traffic for the DMZ - D
1).Create a VPC with a subnet for the DMZ and another VPC with a subnet for the LAN.
2). Set up firewall rules to open up relevant traffic between the DMZ and the LAN subnets,and another firewall rule to allow public egress traffic for the DMZ
答案:A
查看解析
[单选]Your company recently acquired a company that has infrastructure in Google Cloud Each company has its own Google Cloud organization Each company is using a Shared Virtual Private Cloud (VPC) to provide network connectivity for its applications Some of the subnets used by both companies overlap. In order for both businesses to integrate the applications need to have private network connectivity. These. applications are not on overlapping subnets. You want to provide connectivity with minimal re-engineering. What should you do?
您的公司最近收购了一家在谷歌云中有基础设施的公司,每个公司都有自己的谷歌云组织,每个公司都在使用共享虚拟私有云(VPC)为其应用程序提供网络连接,两家公司使用的一些子网重叠。
为了使两家企业集成应用程序,需要有专用网络连接。
These.
应用程序不在重叠的子网网上。
您希望以最小限度的重新设计提供连接。
你应该做什么?
- A
Migrate the projects from the acquired company into your company's Google Cloud organization. Re-launch the instances in your companies Shared VPC
- B
Set up VPC peering and peer each Shared VPC together.
- C
Set up a Cloud VPN gateway in each Shared VPC and peer Cloud VPNs
- D
Configure SSH port forwarding on each application to provide connectivity between applications in the different Shared VPCS
答案:C
[单选]A development manager is building a new application. He asks you to review his requirements and identify what cloud technologies he can use to meet them. The application must:
Be based on open-source technology for cloud portability
Dynamically scale compute capacity based on demand
Support continuous software delivery
Run multiple segregated copies of the same application stack
Deploy application bundles using dynamic templates
Route network traffic to specific services based on URL
Which combination of technologies will meet all of his requirements?
一个开发经理正在构建一个新的应用程序。
他要求您审查他的需求,并确定他可以使用哪些云技术来满足这些需求。
应用程序必须:
是基于云可移植性的开源技术的
根据需求动态调整计算能力
支持连续的软件交付
运行同一应用程序堆栈的多个隔离副本
使用动态模板部署应用程序包
基于URL将网络流量路由到特定的服务
哪种技术组合将满足他的所有要求?
- A
Google Kubernetes Engine, Jenkins, and Helm
- B
Google Kubernetes Engine and Cloud Load Balancing
- C
Google Kubernetes Engine and Cloud Deployment Manager
- D
Google Kubernetes Engine, Jenkins, and Cloud Load Balancing
答案:A
[单选]Your company is building a new architecture to support its data-centric business focus. You are responsible for setting up the network. Your company ‘s mobile and web-facing applications will be deployed on-premises, and all data analysis will be conducted in GCP. The plan is to.process and load 7 years of archived .csv files totaling 900 TB of data and then continue loading 10 TB of data daily. You currently have an existing 100-MB internet connection.
What actions will meet your company‘s needs?
您的公司正在构建一个新的架构来支持其以数据为中心的业务重点。
您负责建立网络。
您公司的移动设备和面向网络的应用程序将在本地部署,所有的数据分析都将在GCP中进行。
该计划是。处理和加载7年的存档的.csv文件,总计为900 TB的数据,然后继续每天加载10 TB的数据。
您目前已有一个100mb的互联网连接。
哪些行动将满足您公司的需求?
- A
Compress and upload both archived files and files uploaded daily using the gsutil -m option.
- B
Lease a Transfer Appliance, upload archived files to it, and send it to Google to transfer archived data to Cloud Storage. Establish a connection with Google using a Dedicated Interconnect or Direct Peering connection and use it to upload files daily.
- C
Lease a Transfer Appliance, upload archived files to it, and send it to Google to transfer archived data to Cloud Storage. Establish one Cloud VPN Tunnel to VPC networks over the public internet, and compress and upload files daily using the gsutil -m option.
- D
Lease a Transfer Appliance, upload archived files to it, and send it to Google to transfer archived data to Cloud Storage. Establish a Cloud VPN Tunnel to VPC networks over the public internet, and compress and upload files daily.
答案:B
查看解析
[单选]Question #127 Topic 1
Your company uses the Firewall Insights feature in the Google Network Intelligence Center. You have several firewall rules applied to Compute Engine instances.
You need to evaluate the efficiency of the applied firewall ruleset. When you bring up the Firewall Insights page in the Google Cloud Console, you notice that there are no log rows to display. What should you do to troubleshoot the issue?
您的公司使用谷歌网络智能中心中的防火墙洞察功能。
您有几个防火墙规则应用于计算引擎实例。
您需要评估所应用的防火墙规则集的效率。
当您在谷歌云控制台中打开防火墙洞察力页面时,您会注意到没有日志行需要显示。
您应该如何解决这个问题?
- A
Enable Virtual Private Cloud (VPC) flow logging.
- B
Enable Firewall Rules Logging for the firewall rules you want to monitor.
- C
Verify that your user account is assigned the compute.networkAdmin Identity and Access Management (IAM) role.
- D
Install the Google Cloud SDK, and verify that there are no Firewall logs in the command line output.
答案:B
查看解析
[单选]Question #14Topic 1Question #143
Your company has a networking team and a development team. The development team runs applications on Compute Engine instances that contain sensitive data. The development team requires administrative permissions for Compute Engine. Your company requires all network resources to be managed by the networking team. The development team does not want the networking team to have access to the sensitive data on the instances. What should you do?
你的公司有一个网络团队和一个开发团队。
开发团队在包含敏感数据的计算引擎实例上运行应用程序。
开发团队需要对计算引擎的管理权限。
您的公司要求所有的网络资源都由网络团队来管理。
开发团队不希望网络团队能够访问这些实例上的敏感数据。
你应该做什么?
- A
1) Create a project with a standalone VPC and assign the Network Admin role to the networking team. 2) Create a second project with a standalone VPC and assign the Compute Admin role to the development team. 3) Use Cloud VPN to join the two VPCs.
- B
1) Create a project with a standalone Virtual Private Cloud (VPC), assign the Network Admin role to the networking team, and assign the Compute Admin role to the development team.
- C
1) Create a project with a Shared VPC and assign the Network Admin role to the networking team. 2) Create a second project without a VPC, configure it as a Shared VPC service project, and assign the Compute Admin role to the development team.
- D
1) Create a project with a standalone VPC and assign the Network Admin role to the networking team. 2) Create a second project with a standalone VPC and assign the Compute Admin role to the development team. 3) Use VPC Peering to join the two VPCs.
答案:C
查看解析
[单选]Question #151
Your company has a support ticketing solution that uses App Engine Standard. The project that contains the App Engine application already has a Virtual Private Cloud (VPC) network fully connected to the company's on-premises environment through a Cloud VPN tunnel. You want to enable the App Engine application to communicate with a database that is running in the company's on-premises environment. What should you do?
您正在将一个应用程序部署到谷歌云中。
:表示一个系统的含义。谷歌云中的应用程序必须与非谷歌云环境中的应用程序进行专用网络通信 预期的平均吞吐量为200 kbps。业务需要尽可能多的成本优化,以接近100%的系统可用性 您需要设计业务需求之间的连接性。
你应该提供什么?
- A
Configure private Google access for on-premises hosts only.
- B
Configure private Google access.
- C
Configure private services access.
- D
Configure serverless VPC access.
答案:D
[单选]You are deploying an application to Google Cloud. The of a system.The application in Google Cloud must communicate to private network with applications in a non-Google cloud environment
The expected average throughput is 200 kbps.The business require as close to 100% system availability as possible cost optimization
You need to design the connectivity between the business requirements. What should you provision?
- A
An HA Cloud VPN gateway connected with two tunnels to an on-premises VPN gateway.
- B
A single Cloud VPN gateway connected to an on-premises VPN gateway.
- C
Two Classic Cloud VPN gateways connected to two on-premises VPN gateways. Configure each classic cloud VPN gateway to have two tunnels,each connected to different on-premises VPN gateways.
- D
Two HA Cloud VPN gateways connected to two on-premises VPN gateways. Configure each HA Cloud VPN gateway to have two tunnels,each connected to different on-premises VPN gateways.
答案:A
查看解析
[单选]You have been asked to create robust Virtual Private Network (VPN)connectivity between a new Virtual Private Cloud (VPC)and a remote site.Key requirements include dynamic routing, a shared address space of 10.19.0.1/22,and no overprovisioning of tunnels during a failover event.You want to follow Google-recommended practices to set up a high availability Cloud VPN.What should you do?我们已经要求您在一个新的虚拟私有云(VPC)和一个远程站点之间创建一个健壮的虚拟私有网(VPN)连接。关键需求包括动态路由、10.19.0.1/22的共享地址空间,以及在故障转移事件期间不过度配置隧道。您希望遵循谷歌推荐的实践来建立一个高可用性的云VPN。你应该怎么做?
- A
Use a custom mode VPC network,configure static routes,and use active/passive routing.
- B
Use an automatic mode VPC network,configure static routes, and use active/active routing.
- C
Use a custom mode VPC network,use Cloud Router border gateway protocol(BGP)routes,and use active/passive routing.
- D
Use an automatic mode VPC network,use Cloud Router border gateway protocol(BGP)routes,and configure policy-based routing.
答案:C
知识点之Interconnect Dedicated
谷歌今天推出了一项名为Google Cloud Interconnect Dedicated的新服务,服务于大型企业将其数据中心直接连接到其公有云端,换句话说,为企业建立一个可直接连接到谷歌云的专用网络,称为专用互连。
专用互连(目前为测试版)将提供企业在谷歌公有云Google Cloud Platform(GCP)建立高可用的高带宽网络连接,并对接谷歌云平台的延迟敏感和数据密集型应用的服务。
这项服务比Google现有的解决方案(如Google Cloud VPN服务)更进一步,让企业能在私有网络和Google云端之间建立安全通道,来进行数据和云业务应用的迁移及管理。Google表示,这对混合云环境很有用,可将企业数据中心的IP空间扩展到Google Cloud,或高带宽流量。