GCP Networkng Flashcards

Question 1

Q

How can I monitor the traffic on the VPC network to see where packets are coming from?

Answer

A

Enabling flow logs.

Question 2

Q

What is the largest network space you can have in a GC VPC?

Question 3

Q

Will the CloudFirewall block traffic between instances in the same network?

Answer

A

Yes as the FW rules are applied at the instance level. and at the virtual network level.

Question 4

Q

Will the CloudFirewall block traffic coming into the network?

Answer

A

Yes as the firewall rules are applied at the virtual network and instance level.

Question 5

Q

When you create a GCP network (VPC), will this network (VPC) span more then a single region?

Answer

A

Yes, when you create a network (VPC), it spans every region.

Question 6

Q

Is a GCP network (VPC) able to span projects?

Question 7

Q

What is an external IP?

Answer

A

It is an IP address available externally and is assigned to the instances network interface.

Question 8

Q

By default the external IP address is ephemeral, what dose this mean?

Answer

A

It means the external IP address is given an public IP from the GCP global IP pool and this IP is put back in the pool once the instance is rebooted.

Question 9

Q

I have an external IP that is ephemeral when I stop and start my instance, is the external IP returned to the GCP global pool and do i get a new one on restart?

Answer

A

Yes, the address is returned to the pool and you get a new one once the VM is restarted.

Question 10

Q

What are the two different types of static IP you can reserve?

Answer

A

regional for assigning to a instance and global that can be assigned to a load balancer.

Question 11

Q

When I create firewall rule, can I apply the rule to the entire VPC (global network) ?

Answer

A

Yes, the rule will span the entire global VPC network.

Question 12

Q

When I create firewall rule, can I apply the rule to a group of instances?

Answer

A

Yes, you can match the rule based on tags

Question 13

Q

Is network load balancing regional or global?

Answer

A

The network load balancer is regional or multi-region.

Question 14

Q

What are the two types of IP addresses in GCP?

Answer

A

Static and ephemeral

Question 15

Q

An instance can only use a static IP that has been reserved in the same?

Question 16

Q

What is cloud interconnect?

Answer

A

It refers to the 3 options to connect you on-prem to GC.

Question 17

Q

What options do you have to connect from on-prem to GCP.

Answer

A

Cloud VPN
Peering
Dedicated interconnect

Question 18

Q

What is Dedicated interconnect?

Answer

A

you connect with google’s network at a colocation, this is an expensive option but supports upto 80 GBper sec, a single link is 10GB at a cost of 1700 per month.

Question 19

Q

I need 50GB bandwidth to google, what is my best option?

Answer

A

Dedicated interconect, this is where you connect to a colocation, colocation has a CP peering edge.

Question 20

Q

With Dedicated interconnect, do you pay egress fees?

Answer

A

Yes, but at a discount, upto 50%

Question 21

Q

With Dedicated interconenct can I have it connect to my VPC or Google over all for say G-Suit?

Answer

A

Direct interconnect only supports connecting to a VPC.

Question 22

Q

What is Peering?

Answer

A

Peering connects you with google network so you can call the google API and services.

Question 23

Q

Will peering connect to the internet

Question 24

Q

What is the peering speed?

Question 25

Q

What speed is supported by cloud VPN?

Question 26

Q

When using CloudVPN, what options do I have to make it faster?

Answer

A

Use a second VPN

Question 27

Q

For CloudVPN what is the protocal?

Question 28

Q

For CloudVPN what key exchange is suported?

Answer

A

IKE1v1 and IKEv2

Question 29

Q

With CloudVPN, is client to site supported?

Question 30

Q

With CloudVPN is dynamic routs supported?

Answer

A

Yes use CloudRouter

Question 31

Q

For CloudVPN what is the SLA?

Question 32

Q

Is a VPC a global or regional resource?

Question 33

Q

Is a subnet a regional or global resource?

Question 34

Q

Is a subnet a a zone bound resource?

Answer

A

No it spans zones within a region.

Question 35

Q

Is it possible to share a VPC between projects?

Question 36

Q

Is there a instance limit on a VPC?

Answer

A

Yes 7000 instances, you can use a second VPC.

Question 37

Q

In a VPC can I use unicast or broadcast traffic?

Question 38

Q

Can I convert manual addressing to automatic?

Answer

A

No you can only go from auto to manual

Question 39

Q

is IpPvs supported?

Answer

A

no, but ipv6 can be used to reach the LB for resources in the network, this also include the LB for app engine.

Question 40

Q

what are network tags?

Answer

A

The primary method of segmenting traffic for instances.

Question 41

Q

Is the firewall regional or attached to the global VPC?

Answer

A

Attached to the global VPC, this mean when you setup a firewall rule you attached it to a VPC and it is global.

Question 42

Q

Do you define firewall rules at the subnet or instance level?

Answer

A

Both instance and subnet level

Question 43

Q

Is all ingress traffic denied by default?

Question 44

Q

Is all egress traffic denied by default?

Question 45

Q

Are firewall rules prioritized?

Answer

A

Yes, rules are evaluated lowest number first.

Question 46

Q

When you create a VPC what default firewall rules do you get when the VPC is using automatic subnet mode creation?

Answer

A

allow-icmp 65534
allow-internal 65534
allow-rdp 65534
allow-ssh 65534
deny-all-ingres 65535
allow-all-egress 65535

Question 47

Q

Are all default rules asigned a low or high priority number?

Answer

A

Most all rules get 65K at top end, http and https get 1K at ko end.

Question 48

Q

When you create a VPC with two subnets, can VM 1 in subnet 1 ping VM 2 in subnet 2?

Answer

A

Yes, by default you get a default firewall rule to enable traffic that is local between subnets.

Question 49

Q

What is a router?

Answer

A

It defines where a packet is sent once it leaves the VM?

Question 50

Q

How would i take two VM and route all traffic to a proxy?

Answer

A

Define a route with a tag and asigne the tag to the VM’s

Question 51

Q

For routes what are my next hop options

Answer

A

default internet gateway
VPN tunnel
IP
Instance

Question 52

Q

Are routes global?

Answer

A

Yes, they are attached to a VPC (global)

Question 53

Q

What is a host project?

Answer

A

I refers to a project that will host a VPC for other projects.

Question 54

Q

What is a service project?

Answer

A

It refers to a project that is using a host project VP.

Question 55

Q

What is a standalone project?

Answer

A

It is a project that is not using a shared VPC

Question 56

Q

Can I share a hosted projects outside the orgnization?

Question 57

Q

Can i link a service project with many host projects?

Answer

A

No only one host project.

Question 58

Q

Van a project be both a service and host project?

Question 59

Q

When I create a VPC subnet, is the subnet tied to a zone?

Answer

A

No it is independent of the zone, when you deploy an instance, it is at this time you defne in what zone the instance and disk will live.

Question 60

Q

I created a VPC with auto subnet mode, I have two subnets with an instance in each, will I be able to ping without adding a firewall rule?

Answer

A

Yes, the following rules are created,

allow-icmp 65534
allow-internal 65534
allow-rdp 65534
allow-ssh 65534
deny-all-ingres 65535
allow-all-egress 65535

Question 61

Q

I created a VPC with custom subnet mode, I have two subnets with an instance in each, will I be able to ping without adding a firewall rule?

Answer

A

No, no firewall rules are created.

Question 62

Q

What is a custom subnet?

Answer

A

Where you create the subnet and manually enter the required firewall rules.

Question 63

Q

When you create a VPC what default routes do you get?

Answer

A

Default gateway

- A rule to any subnets you create as part of the VPC

Question 64

Q

What are the filters you can use on a firewall rule?

Answer

A

Source port
Dest port
Source address
Dest address
Portocal

Answer 48

A

No, it is a tag, tags are used for networking.

Answer 49

A

CloudVPN

- VPC Peering

Answer 50

A

VPC peering can be used for this.

Answer 51

A

VPC peering can be used for this.

Answer 52

A

Use firewall logging.

Answer 53

A

Stackdriver
pub/sub
BigQuery

Answer 54

A

The IP is not given back to the pool.

Answer 55

A

Open firewall for the health check from specific ports found in network LB documentation.

Answer 56

A

SSL proxy and TCP

Answer 57

A

Yes, off by default.

Answer 58

A

It is an L4 LB supporting SSL proxy and TCP, it is single or multi-region.

Answer 59

A

It is an L7 LB and supports only multi-region and HTTP and HTTP(S).

Answer 60

A

Both, internal between instances and external to receive traffic from the internet.

Answer 61

A

Global, unlike AWS, the load balancer is a global load balancer receiving traffic and distributing it to one or more regional globally

Answer 62

A

No, it is an internet only facing LB

Brainscape's Knowledge GenomeTM

GCP Networkng Flashcards

Brainscape's Knowledge Genome^TM