PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam Details

  • Exam Code: PROFESSIONAL-CLOUD-NETWORK-ENGINEER
  • Exam Name: Professional Cloud Network Engineer
  • Certification: Google Certifications
  • Vendor: Google
  • Total Questions: 333 Q&As
  • Last Updated: May 31, 2026

Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER Online Questions & Answers

  • Question 121:

    Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs.

    Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)

    A. VPC peering
    B. Shared VPC
    C. Cloud VPN
    D. Dedicated Interconnect
    E. Cloud NAT

  • Question 122:

    You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly.

    How should you configure the health check?

    A. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
    B. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
    C. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
    D. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.

  • Question 123:

    You are doing a canary test for a new version of an online retailer's main application, called app-v2, which is configured as a separate backend service from the current version, app-v1. You need to direct 10% of the traffic for the path /shop to app-v2 and direct the remaining 90% to app-v1. The app-v2 service supports calls on both /shop/v2 and /shop, and the app-v1 service only supports calls on /shop. You need to implement the most efficient solution to achieve this traffic split and path rewrite.

    What should you do?

    A. - Create a path rule for /shop in the URL map. - Configure its route action with weightedBackendServices to split traffic 90% to app-v1 and 10% to app-v2.
    B. - Create a single URL map rule for the /shop path. - In the rule's route action, configure weightedBackendServices to split traffic 90/10 between app-v1 and app-v2. - Configure a urlRewrite to change the path to /shop/v2.
    C. - Create two URL map rules with the same /shop path. - Configure the first rule with a higher priority to route traffic to app-v2, and perform a urlRewrite to /shop/v2. - Configure the second rule with a lower priority to route traffic to app-v1 without a rewrite.
    D. - Create two separate route rules in the URL map. - The first rule, with a higher priority, matches traffic based on a specific HTTP header and routes it to app-v2 with a URL. - The second rule, with a lower priority, routes all other traffic to app-v1.

  • Question 124:

    Your company's cloud network has hybrid connectivity to an on-premises environment through Cloud Interconnect in two regions (us-east4 and us-west1). You received complaints that some on-premises destinations are no longer reachable from us-east4, after changes were made to advertise additional routes to us-west1. You need to troubleshoot to see if any routes were dropped.

    What should you do?

    A. Query the dynamic_routes/learned_routes/dropped_unique_destinations metric and review the global routing_mode metric attribute.
    B. Query the dynamic_routes/learned_routes/unique_destinations_limit metric and review the global routing_mode metric attribute.
    C. Query the dynamic_routes/learned_routes/any_dropped_unique_destinations metric and review the regional routing_mode metric attribute.
    D. Query the dynamic_routes/learned_routes/dropped_unique_destinations metric and review the regional routing_mode metric attribute.

  • Question 125:

    Your organization has a new security policy that requires you to monitor all egress traffic payloads from your virtual machines in region us-west2. You deployed an intrusion detection system (IDS) virtual appliance in the same region to meet the new policy. You now need to integrate the IDS into the environment to monitor all egress traffic payloads from us-west2.

    What should you do?

    A. Enable firewall logging, and forward all filtered egress firewall logs to the IDS.
    B. Enable VPC Flow Logs. Create a sink in Cloud Logging to send filtered egress VPC Flow Logs to the IDS.
    C. Create an internal TCP/UDP load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.
    D. Create an internal HTTP(S) load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.

  • Question 126:

    Your company deployed a hub and spoke architecture in Google Cloud to host their workloads. They use VPC network peerings to connect the hub and the spokes. You need to replicate the design and use Network Connectivity Center.

    What should you do?

    A. Choose a Network Connectivity Center star topology. Deploy the hub VPC in the center group. Deploy the spoke VPCs in the edge group.
    B. Choose a Network Connectivity Center star topology. Deploy the spoke VPCs in the center group. Deploy the hub VPC in the edge group.
    C. Choose a Network Connectivity Center mesh topology. Configure the hub and the spokes as Network Connectivity Center spokes.
    D. Choose a Network Connectivity Center mesh topology. Configure the spokes as Network Connectivity Center spokes.

  • Question 127:

    You have a storage bucket that contains two objects. Cloud CDN is enabled on the bucket, and both objects have been successfully cached. Now you want to make sure that one of the two objects will not be cached anymore, and will always be served to the internet directly from the origin.

    What should you do?

    A. Ensure that the object you don't want to be cached anymore is not shared publicly.
    B. Create a new storage bucket, and move the object you don't want to be cached anymore inside it. Then edit the bucket setting and enable the private attribute.
    C. Add an appropriate lifecycle rule on the storage bucket containing the two objects.
    D. Add a Cache-Control entry with value private to the metadata of the object you don't want to be cached anymore. Invalidate all the previously cached copies.

  • Question 128:

    Your company has a web application, app.example.com, hosted on a Compute Engine instance within a Google Cloud VPC. You need to configure DNS so that employees inside the VPC resolve app.example.com to its private IP address, while external users on the internet resolve the same hostname to a public IP address managed by a global external HTTPS Application Load Balancer. Your solution needs to follow Google-recommended practices.

    What should you do?

    A. Use a Cloud DNS forwarding zone to send all queries for app.example.com from your VPC to an on-premises DNS server that holds the private record.
    B. Create a single public Cloud DNS zone for app.example.com. Add two 'A' records with the same hostname: one for the public IP and one for the private IP, relying on DNS round-robin.
    C. Use Cloud DNS split horizon to create two Cloud DNS zones for app.example.com: a public zone for the public IP and a VPC-authorized private zone for the private IP.
    D. Create a private Cloud DNS zone for app.example.com, and use a Cloud NAT gateway to translate the private IP to a public IP for external users.

  • Question 129:

    You configured a single IPSec Cloud VPN tunnel for your organization to a third-party customer. You confirmed that the VPN tunnel is established. However, the BGP session status states that the BGP is not configured. The customer has provided you with their BGP settings: Local BGP address: 169.254.11.1/30; Local ASN: 64515; Peer BGP address: 169.254.11.2; Peer ASN: 64517; Base MED: 1000; MD5 Authentication: Disabled.

    You need to configure the local BGP session for this tunnel based on the settings provided by the customer. You already associated the Cloud Router with the Cloud VPN Tunnel.

    What settings should you use for the BGP session?

    A. Peer ASN: 64517; Advertised Route Priority (MED): 100; Local BGP IP: 169.254.11.2; Peer BGP IP: 169.254.11.1; MD5 Authentication: Disabled
    B. Peer ASN: 64515; Advertised Route Priority (MED): 100; Local BGP IP: 169.254.11.1; Peer BGP IP: 169.254.11.2; MD5 Authentication: Disabled
    C. Peer ASN: 64515; Advertised Route Priority (MED): 100; Local BGP IP: 169.254.11.2; Peer BGP IP: 169.254.11.1; MD5 Authentication: Disabled
    D. Peer ASN: 64515; Advertised Route Priority (MED): 1000; Local BGP IP: 169.254.11.2; Peer BGP IP: 169.254.11.1; MD5 Authentication: Enabled

  • Question 130:

    You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services. You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.

    How should you design this topology?

    A. Create a subnet of size /25 with 2 secondary ranges of: /17 for Pods and /21 for Services. Create a VPC-native cluster and specify those ranges.
    B. Create a subnet of size /28 with 2 secondary ranges of: /24 for Pods and /24 for Services. Create a VPC-native cluster and specify those ranges. When the services are ready to be deployed, resize the subnets.
    C. Use gcloud container clusters create [CLUSTER NAME] --enable-ip-alias to create a VPC-native cluster.
    D. Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.
