Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

GCP Network Engineer Intermdiate > VPC Networking Fundamentals > Flashcards

VPC Networking Fundamentals Flashcards

1
Q

How can subnets talk to other subnets in the same VPC?

A

This is enabled by default and no routes are needed. If the instances cannot talk to either other, there may be a firewall rule blocking it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How do you configure on-prem private API access?

A

Use restricted.googleapis.com (199.36.153.4/30) and private.googleapis.com (199.36.153.8/30). Restricted is better because it integrates with VPC service controls. Route traffic over the VPN or interconnect to use this.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How do you list the attributes of custom roles?

A

gcloud iam roles list –project tbd

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Are higher priority values more important or less important?

A

Less important

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the difference between a policy based vpn and a route based vpn?

A

Both are for static routing. Policy based routing: Local IP ranges (left side) and remote IP ranges (right side) are defined as part of the tunnel creation process. Route based VPN: When you create a route based VPN using the GCP Console, you only specify a list of remote IP ranges. Those ranges are only used to create routes in your VPC network to peer resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a traffic selector?

A

A traffic selector defines a set of IP address ranges or CIDR blocks used to establish a VPN tunnel

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the operational metrics for an interconnect link?

A

network/interconnect/operational says if the interconnect itself is up, and network/interconnect/link/operational tells if an individual circuit is up

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are possible targets of a cloud armor policy?

A

It only works on HTTP(S) load balancers. Can set IP ranges for allow/deny and can specify a target backend.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is a network endpoint group (NEG)?

A

Network endpoint groups (NEGs) are zonal resources that represent collections of IP address and port combinations for GCP resources within a single subnet. Each IP address and port combination is called a network endpoint.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a Secondary subnet range?

A

Secondary range you can apply to a subnet for use with alias IP ranges

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Why would you use tags over service accounts for firewall rules?

A

Don’t need to restart VM to change, can have multiple tags on a VM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Why would you use service accounts over network tags for firewall rules?

A

Anyone can set any tag! Service accounts are resources with permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the IP address ranges you need to assign when you build a GKE cluster?

A

“Node subnet
Services secondary range
Pods secondary range
Master IP range (for private clusters)”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is an Ingress controller?

A

It is a GKE service that creates and manages an HTTP(s) load balancer on GCP. The backend can be a NEG.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

GCP Network Engineer Intermdiate (3 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions