Domain 3.5: Deploying and implementing networking resources

You are creating a custom VPC network. You need to create a subnet in the `us-west1` region with a CIDR range of `10.0.1.0/24`. What is the correct approach?

You have Compute Engine instances in a VPC subnet that do not have external IP addresses. They need to download software updates from the internet. Which TWO resources must you configure to allow this outbound traffic securely? (Select TWO)

You are setting up a custom-mode Virtual Private Cloud (VPC) network. You need to create a subnet in the 'us-west1' region with the CIDR block '10.0.1.0/24'. Which TWO gcloud commands must you run to achieve this? (Select TWO)

You have a 3-tier application deployed on Compute Engine: Web, App, and Database tiers. You need to create firewall rules to ensure that only the Web tier can communicate with the App tier, and only the App tier can communicate with the Database tier. According to Google Cloud best practices, which TWO methods should you use to target these specific instances in your firewall rules? (Select TWO)

You have created a custom-mode Virtual Private Cloud (VPC) network named 'my-vpc'. You now need to create a subnet named 'frontend-subnet' in the europe-west1 region with the IP range 10.0.1.0/24. Which gcloud command should you use?

You have a VPC network with two sets of Compute Engine instances: Web servers and Database servers. You want to create a firewall rule that allows traffic on port 5432 ONLY from the Web servers to the Database servers. You want to ensure this rule automatically applies to any new Web or Database servers created in the future. Which TWO actions should you take to configure this securely and efficiently? (Select TWO)

You are creating a new Virtual Private Cloud (VPC) network for your organization. You want complete control over the IP address ranges used in every region, and you do not want GCP to automatically create any subnets for you. Which gcloud command should you use to create the VPC?

You have a VPC network with several Compute Engine instances. You want to allow incoming HTTP (port 80) traffic ONLY to specific instances acting as web servers, while blocking it for database instances in the same subnet. Which TWO steps should you take to implement this using GCP Firewall Rules? (Select TWO)

You are setting up a custom network topology. You need to create a new VPC network that does not automatically create subnets, and then you need to manually add a subnet to it in the `us-west1` region. Which sequence of gcloud commands should you use?

You have a VPC network with several Compute Engine instances. You want to allow incoming HTTP (port 80) traffic from the public internet, but ONLY to specific instances that serve as web servers. You want to manage this using network tags. Which TWO actions must you take? (Select TWO)

You are setting up the network foundation for a new project. You need to create a custom-mode Virtual Private Cloud (VPC) network named 'prod-vpc' using the command line. Which gcloud command should you use?

You have a three-tier application deployed on Compute Engine: frontend web servers, backend application servers, and a database server. You need to configure firewall rules so that ONLY the frontend servers can communicate with the backend servers on port 8080. Which TWO actions should you take to implement this securely and efficiently? (Select TWO)

You are setting up a new Google Cloud environment and need to create a Virtual Private Cloud (VPC). You want full control over the IP address ranges used in your subnets and do not want Google to automatically create subnets in every region. Which command should you use to create the VPC?

You have a three-tier application running on Compute Engine: web servers, application servers, and database servers. You want to create firewall rules to ensure that ONLY the application servers can communicate with the database servers on port 3306. Which TWO actions should you take to configure this securely using network tags? (Select TWO)