Networking Flashcards

1
Q

Lowest priority for firewall rule

A

65,535

2
Q

VPC implied rules (2)

A

Block all incoming traffic

Allow all outgoing traffic

3
Q

Default rules for VPC default network (4)

A

default-allow-internal

default-allow-ssh (TCP port 22)

default-allow-rdp (TCP on port 3389)

default-allow-icmp (ping)

4
Q

Cloud Router

A

Software defined dynamic routing GCP uses to advertise IP address ranges to destinations OUTSIDE VPC network

5
Q

Cloud Router provides routing services for…(4)

A

Dedicated Interconnect
Partner Interconnect
HA VPN
Classic VPN tunnels that use dynamic routing

6
Q

Auto mode VPC subnets fit within CIDR block..

A

10.128.0.0/9

7
Q

VPC network peering works with which IaaS (3)

A

Compute Engine
App Engine Flexible
GKE

8
Q

Hybrid network implementation options (3)

A

Cloud VPN
Cloud Interconnect
Direct Peering

9
Q

Cloud VPN gateways (2)

A

HA VPN

Classic VPN

10
Q

Cloud VPN - max network bandwidth per tunnel

A

3 Gbps

11
Q

Dedicated Interconnect - bandwidth options

A
10 Gbps (up to 8 x 10 for 80 Gbps)
100 Gbps (up to 2 x 100 for 200 Gbps)
12
Q

Partner Interconnect - VLAN attachment size options

A

50 Mbps - 50 Gbps

13
Q

Cloud Router used for … (3)

A

HA VPN
Cloud Interconnect
Router Appliance

14
Q

Direct Peering

A

Used to access Workspace services from on prem

15
Q

Private Service Connect for Google APIs

  • Clients
  • Connection
  • Supported services
  • Usage
A

GCP resources without external IP and on premises systems

Connect to a Private Service Connect endpoint in VPC network which forwards request to Google APIs and services

Supports most Google APIs and services

Allows private consumption of services across VPC networks that belong to different groups, teams, projects, orgs

16
Q

Private Service Connect for Google APIs with Consumer HTTPS service controls

  • Clients
  • Connection
  • Supported Services
  • Usage
A

GCP resources without external IP and on prem systems
Connect to internal HTTP load balancer in VPC network which forwards request to Google APIs and services
Supports selected regional Google APIs and services

Connect to regional Google APIs and services using HTTP(S) Internal Load Balancer

Option to use URL mapping to limit access to specific APIs

17
Q

Private Google Access

  • Clients
  • Connection
  • Supported services
  • Usage
A

GCP resources without external IPs
Connect to standard external IP or Private Google Access domains and VIPs for Google APIs and services via network’s default internet gateway
Supports most GCP APIs and services

Access to external IP addresses used by App Engine and third party App Engine based services

18
Q

Private Google Access for On-Prem Hosts

  • Clients
  • Connection
  • Supported services
  • Usage
A

On prem hosts with or without external IP
Connect to Google APIs and services through Cloud VPN tunnel or Cloud Interconnect via one of the Private Google Access-specific domains and VIPs
Access Private Google Access domains specified

Connect from on prem to Google APIs and services through VPC

19
Q

Private Service Access

  • Clients
  • Connection
  • Supported services
  • Usage
A

GCP VM instances with or without external IP
Connect to GCP or third party managed VPC network through a VPC Network Peering connection
Some GCP and third party services

Connects instances in your VPC network to service producer’s VPC network via VPC Network Peering connection.

(use IPv4 range allocated for service producers)

20
Q

Serverless VPC Access

A

Allows serverless environment (Cloud Run, App Engine, Cloud Functions) to connect to your VPC network

Serverless environment sends requests to VPC network using internal DNS and internal IP address

21
Q

Advanced traffic management capabilities

A

Traffic steering
- route based on HTTP parameters (host, path, headers)

Traffic actions
- request based and response based actions (redirects and header transformations)

Traffic policies
- fine tune behavior (advanced load balancing algorithm)

22
Q

Backend Service (5 features)

A

Configuration determines load balancing behavior

  • Direct traffic to correct backend
  • Distribute traffic according to balancing mode
  • Determine which health check is monitoring backend
  • Specify session affinity
  • Determine if services are enabled (Cloud CDN, Cloud Armor, Identity-Aware Proxy)
23
Q

Load balancer for Cloud CDN

A

External HTTP load balancer

24
Q

External UDP/TCP Network Load Balancer

  • Regional or global
  • How distribute traffic
  • Use Case
A

Regional

Pass through
Distributes external traffic among VM instances
Packets pass through from client to backend (no backend service)

Use Cases:

  • Forward packets from internet unproxied - need client source IP preserved
  • Migrate existing pass through load balancer
25
Q

Internal TCP/UDP Load Balancer

  • Regional or global
  • How distribute traffic
  • Use Cases
A

Regional backends and frontends (global access supported)

Pass through
Frontend forwarding rule to backend service (instance groups or NEGs)

Use Cases:

  • 3 tier web app - between frontend and middleware
  • Next hop from server to gateway
26
Q

Internal HTTP(S) Load Balancer

  • Regional or global
  • How distribute traffic
  • Use Cases
A

Regional only

Forwarding rule specifies internal IP, port, regional target HTTP proxy
Frontend - internal IP, proxy-only subnet
URL map to determine routing

Use Cases:

  • Private Service Connect for Google APIs and consumer HTTP service
  • Modernizing monolith legacy app (place in front of monolith to distribute subset of traffic to new microservices)
27
Q

Regional External HTTPS Load Balancer

  • How distribute traffic
  • Use Cases
A

External forwarding rule to Envoy proxies in same region as load balancer to regional backend service

Use Cases:

  • Use advanced networking features for external HTTP traffic while using standard tier network
28
Q

SSL Proxy Load Balancer

  • Regional or global
  • How distribute traffic
  • Use cases
A

Regional and standard or global and premium

Premium:
- Advertise load balancer global anycast IP
- GFE directs request to healthy backend instance groups or NEG in region closest to user

Standard:
- Advertise load balancer's external IP from POP in same region as forwarding rule

Use Cases:

  • Offload SSL processing, control SSL features with SSL policies, terminate TLS in globally distributed locations to minimize latency
29
Q

Global External HTTP Load Balancer

  • How traffic is distributed
A

Requests routed to GFE closest to client (or in same region as load balancer if regional)
External forwarding rule specifies external IP, port, and target HTTP proxy
Target HTTP proxy authenticates clients using SSL certs
Backend service distributes to healthy backend

30
Q

Load balancer for Cloud CDN

A

External HTTP

31
Q

Load balancer for Private Service Connect for Google APIs and Consumer HTTP Service

A

Internal HTTP

32
Q

Standard API operations (5)

A

List
Get
Create
Update
Delete

33
Q

IPs in each subnet reserved for Google (4)

A

First address - Network
Second address - Gateway
Second to last - Potential future use by Google
Last - Broadcast

34
Q

Cloud VPN max network bandwidth per tunnel

A

3 Gbps

35
Q

K8s Networking Modes (2)

A

VPC native cluster - Uses alias IPs to route traffic between pods
Routes-Based cluster - Google Cloud routes to route traffic between pods

36
Q

Packet Mirroring

A

Clones traffic to and from VM instances and forwards for inspection

37
Q

Network Intelligence Center (4) modules

A

Network topology map
Connectivity tests
Performance dashboard
Firewall insights

38
Q

Traffic Director

A

Fully managed, HA control plane for service mesh