This quiz covers the topics from the prior week's coursework. Your identity is not tracked:
this quiz is for practice and self-assessment.
Note that questions on the actual exam will not often be simple knowledge recall.
Which of the following does not represent an attack on the network? 1/1
SYN flood
Denial Of Service
NMAP Scan
Brute force
Feedback
NMAP is a relatively harmless utility for network mapping. It's not a direct attack tool.
https://docs.google.com/forms/d/e/1FAIpQLSf2oXo1vwL5p4T9ix2KVq5-xWZTihns99GCQOkFjLJSNAHS6w/viewscore?viewscore=AE0zAgCNuoL-9n… 1/16
8/22/23, 9:08 AM PCSE Week 3 (Network security) - Quiz
You have defined subnets in a VPC within Google Cloud Platform. You need 1/1
multiple projects to create Compute Engine instances with IP addresses
from these subnets. What should you do?
Use Shared VPC to share the subnets with the other projects.
You are designing a new VPC network that will route traffic to networks in 1/1
your company’s private data center. You want to ensure that your VPC can
support high availability in the future. The data center team requires you to
use a routing protocol that can dynamically fail over if there is a link failure
in the data center. Your management requires your design to use only
native cloud services. Which routing protocol should you use?
BGP
RIP
OSPF
Static routing
Your new project currently requires 5 gigabits per second (Gbps) of egress 1/1
traffic from your Google Cloud environment to your company’s private data
center, but may scale up to 80 Gbps of traffic in the future. You do not have
any public addresses to use. Your company is looking for the most cost-effective
long-term solution. Which type of connection should you use?
Carrier Peering
Partner Interconnect
Dedicated Interconnect
Choose the two ways that Google Cloud Platform helps mitigate the risk of 1/1
DDoS for its customers (choose 2):
Google Front End which mitigates and absorbs many Layer 4 and below
attacks, such as SYN floods, IP fragment floods, port exhaustion, etc.
Connect to a bastion host in your VPC. Use a network traffic analyzer to determine
at which point your requests are being blocked.
Enable Firewall Rules Logging on the latest rules that were changed. Use Logs
Explorer to analyze whether the rules are working correctly.
Enable VPC Flow Logs in your VPC. Use Logs Explorer to analyze whether the rules
are working correctly.
A customer wants to run a batch processing system on VMs and store the 0/1
output files in a Cloud Storage bucket. The networking and security teams
have decided that no VMs may reach the public internet.
Correct answer
Which type of load balancer should you use to maintain client IP by default 1/1
while using the standard network tier?
SSL Proxy
TCP Proxy
Internal TCP/UDP
TCP/UDP Network
Feedback
Proxy-based load balancers do not preserve client IP. Internal TCP/UDP LB cannot be set
up with standard network tier
(https://cloud.google.com/network-tiers/docs/overview#premium_tier_and_standard_tier_summary)
Cloud Armor
Cloud CDN
You are a member of your company’s security team. You have been asked 1/1
to reduce your Linux bastion host external attack surface by removing all
public IP addresses. Site Reliability Engineers (SREs) require access to the
bastion host from public locations so they can access the internal VPC
while off-site. How should you enable this access?
Implement Cloud VPN for the region where the bastion host lives.
Feedback
https://cloud.google.com/architecture/building-internet-connectivity-for-private-vms
Cloud Armor
NAT Gateway
Your team created an egress firewall rule to deny (priority 1000) all traffic
to the internet.
The Compute Engine instances now need to reach out to the public
repository to get security updates.
Create an egress firewall rule to allow traffic to the CIDR range of the repository
with a priority greater than 1000.
Create an egress firewall rule to allow traffic to the CIDR range of the repository
with a priority less than 1000.
Create an egress firewall rule to allow traffic to the hostname of the repository with
a priority greater than 1000.
Create an egress firewall rule to allow traffic to the hostname of the repository with
a priority less than 1000.
VPC peering
Cloud VPN
Cloud Interconnect
Shared VPC
A large e-retailer is moving to Google Cloud Platform with its ecommerce 1/1
website. The company wants to ensure payment information is encrypted
between the customer’s browser and GCP when customers check out
online.
Configure the firewall to allow outbound traffic on port 443, and block all other
outbound traffic.
Configure the firewall to allow inbound traffic on port 443, and block all other
inbound traffic.
Your team sets up a Shared VPC Network where project co-vpc-prod is the 1/1
host project. Your team has configured the firewall rules, subnets, and VPN
gateway on the host project. They need to enable Engineering Group A to
attach a Compute Engine instance to only the 10.1.1.0/24 subnet.