PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam Details

  • Exam Code: PROFESSIONAL-CLOUD-NETWORK-ENGINEER
  • Exam Name: Professional Cloud Network Engineer
  • Certification: Google Certifications
  • Vendor: Google
  • Total Questions: 333 Q&As
  • Last Updated: May 31, 2026

Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER Online Questions & Answers

  • Question 231:

    You are designing the network architecture for a hybrid environment where applications in Google Cloud and on-premises services must resolve DNS records for each other. You need a scalable and managed solution for seamless, bidirectional DNS resolution between your Google Cloud Virtual Private Cloud (VPC) and your on-premises network. You want to avoid manual DNS record synchronization and follow Google-recommended practices.

    What should you do?

    A. Implement Cloud DNS private zones for your Google Cloud resources. Configure an inbound server policy in your VPC for on-premises resolution. Create a Cloud DNS forwarding zone to resolve on-premises domain names.
    B. Establish Cloud DNS private zones within your Google Cloud project for all Google Cloud resources. Configure all on-premises DNS servers to conditionally forward queries for Google Cloud domains to these private zones through an inbound server policy on your VPC.
    C. Deploy a pair of custom DNS virtual machines in two Google Cloud regions of your VPC. Configure the pair to replicate DNS records with on-premises DNS servers. Update DHCP options for all cloud and on-premises instances.
    D. Configure a Cloud DNS public zone, and import all on-premises DNS records into it. Update all on-premises clients to use this Cloud DNS public zone as their primary DNS server.

  • Question 232:

    You are configuring an HA VPN connection between your Virtual Private Cloud (VPC) and on-premises network. The VPN gateway is named VPN_GATEWAY_1. You need to restrict VPN tunnels created in the project to only connect to your on-premises VPN public IP address: 203.0.113.1/32.

    What should you do?

    A. Configure a firewall rule accepting 203.0.113.1/32, and set a target tag equal to VPN_GATEWAY_1.
    B. Configure the Resource Manager constraint constraints/compute.restrictVpnPeerIPs to use an allowList consisting of only the 203.0.113.1/32 address.
    C. Configure a Google Cloud Armor security policy, and create a policy rule to allow 203.0.113.1/32.
    D. Configure an access control list on the peer VPN gateway to deny all traffic except 203.0.113.1/32, and attach it to the primary external interface.

  • Question 233:

    Your company runs shop.example.com, a global e-commerce application deployed in three Google Cloud regions: us-central1, europe-west1, and asia-east1. Each regional deployment is served by a regional external Application Load Balancer. You need to configure Cloud DNS to route users to the regional load balancer closest to their geographic location to minimize latency.

    What should you do?

    A. Create a record set for shop.example.com using a Cloud DNS geolocation route policy that maps traffic originating from source geographies to the corresponding regional load balancer.
    B. Configure a failover routing policy where the primary backend is dynamically set to the region with the lowest latency, with the other regions serving as hot standbys.
    C. Use a weighted round-robin (WRR) policy to specify different weights per regional load balancer, assigning higher weights to the regional load balancers.
    D. Create a single "A" record for shop.example.com with all three regional load balancer IP addresses.

  • Question 234:

    You manage a rapidly growing ecommerce application running on a Google Kubernetes Engine (GKE) cluster. The cluster currently has a single-node pool (default-pool) that is configured with e2-standard-4 machine types and is using a /24 CIDR range for its nodes.

    You recently observed that the application pods were stuck in a "pending" state, and you discovered that the default-pool had reached its maximum size because the subnet's IP address space for nodes was exhausted. You need to add more compute capacity to the cluster immediately to handle the increased load and ensure future node scalability.

    What should you do?

    A. Configure a new primary range (that is, a new subnet) within the cluster's VPC. Create a new node pool using this new primary range.
    B. Add a new secondary IP address range to the existing subnet, and configure the default-pool to use it for new nodes.
    C. Edit the default-pool to use a larger machine type, such as e2-standard-8, to provide more resources per node.
    D. Increase the maxPodsPerNode setting on the existing default-pool to allow more pods to be scheduled.

  • Question 235:

    You are configuring a new instance of Cloud Router in your Organization's Google Cloud environment to allow connection across a new Dedicated Interconnect to your data center. Sales, Marketing, and IT each have a service project attached to the Organization's host project.

    Where should you create the Cloud Router instance?

    A. VPC network in all projects
    B. VPC network in the IT Project
    C. VPC network in the Host Project
    D. VPC network in the Sales, Marketing, and IT Projects

  • Question 236:

    You want to configure load balancing for an internet-facing, standard voice-over-IP (VOIP) application.

    Which type of load balancer should you use?

    A. HTTP(S) load balancer
    B. Network load balancer
    C. Internal TCP/UDP load balancer
    D. TCP/SSL proxy load balancer

  • Question 237:

    You need to create a new VPC network that allows instances to have IP addresses in both the 10.1.1.0/24 network and the 172.16.45.0/24 network.

    What should you do?

    A. Configure global load balancing to point 172.16.45.0/24 to the correct instance.
    B. Create unique DNS records for each service that sends traffic to the desired IP address.
    C. Configure an alias-IP range of 172.16.45.0/24 on the virtual instances within the VPC subnet of 10.1.1.0/24.
    D. Use VPC peering to allow traffic to route between the 10.1.0.0/24 network and the 172.16.45.0/24 network.

  • Question 238:

    You are migrating a three-tier application architecture from on-premises to Google Cloud. As a first step in the migration, you want to create a new Virtual Private Cloud (VPC) with an external HTTP(S) load balancer. This load balancer will forward traffic back to the on-premises compute resources that run the presentation tier. You need to stop malicious traffic from entering your VPC and consuming resources at the edge, so you must configure this policy to filter IP addresses and stop cross-site scripting (XSS) attacks.

    What should you do?

    A. Create a Google Cloud Armor policy, and apply it to a backend service that uses an unmanaged instance group backend.
    B. Create a hierarchical firewall ruleset, and apply it to the VPC's parent organization resource node.
    C. Create a Google Cloud Armor policy, and apply it to a backend service that uses an internet network endpoint group (NEG) backend.
    D. Create a VPC firewall ruleset, and apply it to all instances in unmanaged instance groups.

  • Question 239:

    One instance in your VPC is configured to run with a private IP address only. You want to ensure that even if this instance is deleted, its current private IP address will not be automatically assigned to a different instance.

    In the GCP Console, what should you do?

    A. Assign a public IP address to the instance.
    B. Assign a new reserved internal IP address to the instance.
    C. Change the instance's current internal IP address to static.
    D. Add custom metadata to the instance with key internal-address and value reserved.

  • Question 240:

    Your organization relies on a critical Dedicated Interconnect connection for its hybrid cloud strategy. You need to proactively monitor this connection's health and network connectivity to ensure its reliability. You want to be alerted if the light level for an optical transceiver drops below the recommended operational power, or if traffic through the connection suddenly stops.

    What should you do?

    A. Create an alerting policy in Cloud Monitoring that triggers if the total byte count sent over the VLAN attachment drops to zero.
    B. Configure a periodic connectivity test in the Network Intelligence Center to ping an on-premises host and alert based on its success rate.
    C. Create alerting policies in Cloud Monitoring based on the metrics for both the optical power level of the physical link and the BGP session state of the VLAN attachment.
    D. Build a log-based alert in Cloud Logging that parses Cloud Router logs to detect when BGP keepalive messages are no longer received.
