PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam Details

  • Exam Code: PROFESSIONAL-CLOUD-NETWORK-ENGINEER
  • Exam Name: Professional Cloud Network Engineer
  • Certification: Google Certifications
  • Vendor: Google
  • Total Questions: 333 Q&As
  • Last Updated: May 31, 2026

Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER Online Questions & Answers

  • Question 151:

    You are configuring an Application Load Balancer. The backend resides in your on-premises data center and is connected by Dedicated Interconnect. You need to ensure the load balancer can reference these on-premises resources. You do not want the traffic to traverse the internet at all.

    What should you do?

    A. Configure an internet network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the proxy-only subnet.
    B. Configure a zonal network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the client source IPs.
    C. Configure a hybrid network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the proxy-only subnet.
    D. Configure a Private Service Connect network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the client source IPs.

  • Question 152:

    You are deploying an application that runs on Compute Engine instances. You need to determine how to expose your application to a new customer. You must ensure that your application meets the following requirements:

      • Maps multiple existing reserved external IP addresses to the instance
      • Processes IP Encapsulating Security Payload (ESP) traffic

    What should you do?

    A. Configure a target pool, and create protocol forwarding rules for each external IP address.
    B. Configure a backend service, and create an external network load balancer for each external IP address.
    C. Configure a target instance, and create a protocol forwarding rule for each external IP address to be mapped to the instance.
    D. Configure the Compute Engine instances' network interface external IP address from None to Ephemeral. Add as many external IP addresses as required.

  • Question 153:

    You configured Cloud VPN with dynamic routing via Border Gateway Protocol (BGP). You added a custom route to advertise a network that is reachable over the VPN tunnel. However, the on-premises clients still cannot reach the network over the VPN tunnel. You need to examine the logs in Cloud Logging to confirm that the appropriate routes are being advertised over the VPN tunnel.

    Which filter should you use in Cloud Logging to examine the logs?

    A. resource.type= "gce_router"
    B. resource.type= "gce_network_region"
    C. resource.type= "vpn_tunnel"
    D. resource.type= "vpn_gateway"

  • Question 154:

    You have provisioned a Partner Interconnect connection to extend connectivity from your on-premises data center to Google Cloud. You need to configure a Cloud Router and create a VLAN attachment to connect to resources inside your VPC. You need to configure an Autonomous System number (ASN) to use with the associated Cloud Router and create the VLAN attachment.

    What should you do?

    A. Use a 4-byte private ASN 4200000000-4294967294.
    B. Use a 2-byte private ASN 64512-65535.
    C. Use a public Google ASN 15169.
    D. Use a public Google ASN 16550.

  • Question 155:

    You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible. To ease the transition, you decided to use the same architecture as your on-premises network: a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes. Each spoke does not have connectivity to the other spokes, and all traffic is sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits.

    What should you do?

    A. Connect all the spokes to the hub with Cloud VPN.
    B. Connect all the spokes to the hub with VPC Network Peering.
    C. Connect all the spokes to the hub with Cloud VPN. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.
    D. Connect all the spokes to the hub with VPC Network Peering. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.

  • Question 156:

    Your global media company delivers premium video content to a worldwide audience. You set up an external Application Load Balancer with an internet network endpoint group (NEG) pointing to your on-premises video storage. Cloud CDN is enabled on this backend service, and you are using signed URLs to ensure only authorized users can access the video files.

    A new, updated version of a popular video has recently been uploaded to the on-premises origin server, replacing the old file. You must ensure that all subsequent user requests retrieve the new version of the video immediately while maintaining the security of the content.

    What should you do?

    A. Rotate the Cloud CDN signed URL keys for the backend service.
    B. Modify the backend service's Cloud CDN policy to use origin headers for caching (USE_ORIGIN_HEADERS), and configure the origin to serve the video with a Cache-Control: no-store header.
    C. Temporarily disable signed URLs on the backend service, wait for the cache to expire, and then re-enable signed URLs.
    D. Invalidate the cache for the specific video file path, and ensure your application generates new signed URLs for users.

  • Question 157:

    You need to capture traffic from selected Compute Engine instances for analysis by a security appliance. The mirrored packets must be delivered to a collector behind an internal load balancer.

    What should you configure?

    A. Packet Mirroring with the selected instances or subnet as mirrored sources and the internal load balancer as the collector destination.
    B. Cloud NAT logging with translation logging enabled for all connections.
    C. A Cloud DNS response policy that redirects the selected instances to the collector.
    D. A Cloud Armor edge security policy attached to the selected instances.

  • Question 158:

    Your software team is developing an on-premises web application that requires direct connectivity to Compute Engine Instances in GCP using the RFC 1918 address space. You want to choose a connectivity solution from your on-premises environment to GCP, given these specifications:

      • Your ISP is a Google Partner Interconnect provider.
      • Your on-premises VPN device's internet uplink and downlink speeds are 10 Gbps.
      • A test VPN connection between your on-premises gateway and GCP is performing at a maximum speed of 500 Mbps due to packet losses.
      • Most of the data transfer will be from GCP to the on-premises environment.
      • The application can burst up to 1.5 Gbps during peak transfers over the Interconnect.
      • Cost and the complexity of the solution should be minimal.

    How should you provision the connectivity solution?

    A. Provision a Partner Interconnect through your ISP.
    B. Provision a Dedicated Interconnect instead of a VPN.
    C. Create multiple VPN tunnels to account for the packet losses, and increase bandwidth using ECMP.
    D. Use network compression over your VPN to increase the amount of data you can send over your VPN.

  • Question 159:

    You want to create a service in GCP using IPv6.

    What should you do?

    A. Create the instance with the designated IPv6 address.
    B. Configure a TCP Proxy with the designated IPv6 address.
    C. Configure a global load balancer with the designated IPv6 address.
    D. Configure an internal load balancer with the designated IPv6 address.

  • Question 160:

    You successfully provisioned a single Dedicated Interconnect. The physical connection is at a colocation facility closest to us-west2. Seventy-five percent of your workloads are in us-east4, and the remaining twenty-five percent of your workloads are in us-central1. All workloads have the same network traffic profile. You need to minimize data transfer costs when deploying VLAN attachments.

    What should you do?

    A. Keep the existing Dedicated Interconnect. Deploy a VLAN attachment to a Cloud Router in us-west2, and use VPC global routing to access workloads in us-east4 and us-central1.
    B. Keep the existing Dedicated Interconnect. Deploy a VLAN attachment to a Cloud Router in us-east4, and deploy another VLAN attachment to a Cloud Router in us-central1.
    C. Order a new Dedicated Interconnect for a colocation facility closest to us-east4, and use VPC global routing to access workloads in us-central1.
    D. Order a new Dedicated Interconnect for a colocation facility closest to us-central1, and use VPC global routing to access workloads in us-east4.

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Google exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your PROFESSIONAL-CLOUD-NETWORK-ENGINEER exam preparation and Google certification application, do not hesitate to visit Vcedump.com to find your solutions.