Networking

Question 1

Google Front End

Answer 1

Reverse proxy that protects backend Google services.
Authenticates, assures integrity, and encrypts traffic.
Once traffic passed to GFE, under purview of GCP.

Question 2

What are the two network service tiers GC offers?

Answer 2

Premium - cold potato routing

Standard - hot potato routing

Question 3

What is meant by cold potato routing?

Answer 3

GC will hold on to traffic within Google network for as long as possible before passing to public internet.

GC will hand off to edge POP closest to user.

Question 4

Google Front End (GFE)

Answer 4

Reverse proxy that protects backend Google services

Question 5

Default route

Answer 5

System-generated route that defines path for traffic that needs to leave VPC

Question 6

Subnet

Answer 6

Logical subdivision of RFC 1918 IP space

Question 7

Are VPCs and subnets global or regional resources?

Answer 7

VPCs are global

Subnets are regional

Question 8

What’s the difference between an auto mode VPC network and custom mode VPC network?

Answer 8

Auto mode - default network created when you create a project. Each region automatically gets a /20 subnet.

Custom mode - does not come with any subnets or IP ranges so admin has full control to define.

Question 9

What’s the difference between regions and zones?

Answer 9

Region is collection of zones.

Zone is isolated location within a region, typically a single data center.

Question 10

What’s a useful application of network tags?

Answer 10

Strings that are used by FIREWALLS and ROUTES to apply to specific VM instances.

Question 11

T/F: you can modify the primary IP range for your subnet.

Answer 11

F. You can expand the IP address range of your subnet once you’ve created, but you do so by adding an alias IP range.

Question 12

Private Google Access

Answer 12

Allows instances without external IP addresses to access resources outside of the network from within GC services, i.e. GCS, Cloud Source Repos.

Question 13

Private Service Access

Answer 13

Allows you to connect to Google or third-party services located on OTHER VPC NETWORKS hosted by Google or third parties.

Question 14

What is the difference between Private Google Access and Private Service Access?

Answer 14

Private Google Access allows you to access assets/resources from outside your network via GC services.

Private Service Access allows you to access third-party services without leaving GC’s network.

Question 15

Shared VPC

Answer 15

Allows you to connect resources from different projects to a single VPC.

Question 16

T/F: in a shared VPC model, billing is attributed to the host project.

Answer 16

F. One benefit of using a shared VPC is that organizations can centrally manage network resources while individual BUs own their portions of the bill.

Question 17

VPC Peering

Answer 17

Allows two separately managed VPCs to communicate with each other.

Question 18

T/F: there is more latency between two resources across peered VPCs than between two resources within the same VPC.

Answer 18

F

Question 19

Cloud VPN

Answer 19

Allows you to connect any of your peer networks to VPC securely through an IPSec-encrypted tunnel.

VPNs create secure connections over non-secure connections.

Question 20

Name two use cases for Cloud DNS

Answer 20

Cloud DNS can act as

• An authoritative DNS server for public domains with Internet visibility
• A DNS server for private zones only visible within a private network.

Question 21

What is the difference between Dedicated and Partner Interconnect?

Answer 21

Dedicated Interconnect provides a direct, dedicated physical connection between your on-prem network and GCP.

Partner Interconnect provides a connection between your on-prem and VPC networks through a supported service provider.

Question 22

What are the different bandwidth constraints between Cloud VPN and Cloud Interconnect?

Answer 22

Cloud VPN supports up to 3 Gbps per tunnel

Cloud Interconnect supports up to 10 Gbps for Partner and 100 Gbps for Direct

Question 23

What are the different types of Cloud Load Balancers?

Answer 23

Internal (TCP/UDP, HTTP)

External (

Question 24

What are the different types of Cloud Load Balancers?

Answer 24

Internal (TCP/UDP, HTTP)

External (TCP/UDP network, TCP proxy, SSL proxy, HTTP)

Question 25

What might be the reason VM instances sitting behind a load balancer keep restarting?

Answer 25

Firewall rule not configured to allow traffic from internal LB to hit backend VM instances for health checks.

Question 26

What kinds of resources does Cloud CDN cache store content from?

Answer 26

VM instances and storage buckets