PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam Details

  • Exam Code: PROFESSIONAL-CLOUD-NETWORK-ENGINEER
  • Exam Name: Professional Cloud Network Engineer
  • Certification: Google Certifications
  • Vendor: Google
  • Total Questions: 333 Q&As
  • Last Updated: May 31, 2026

Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER Online Questions & Answers

  • Question 241:

    Your company acquired a new division. The new division's network team requires complete control over their networking infrastructure. You need to extend your existing Google Cloud network infrastructure, which consists of a single VPC, to allow workloads from all divisions to communicate with each other. You want to avoid incurring extra costs and granting unnecessary permissions to the new division's networking team.

    What should you do?

    A. - Create a new project for the new division's network team. - Create a new VPC within the new project. - Establish a VPC peering between your existing VPC and the new division's VPC. - Create a new subnet dedicated to the new division's workloads. - Grant roles/compute.networkUser on the new project to the new division's network team group.
    B. - Create a new project for the new division's network team. - Create a new VPC within the new project. - Establish a VPC peering between your existing VPC and the new division's VPC. - Grant roles/compute.networkAdmin on the newly created project to the new division's network team group.
    C. - Ensure that the project hosting the existing network infrastructure is enabled as a host project. - Create a new subnet dedicated to the new division's workloads in the existing VPC. - Grant roles/compute.networkUser on the newly created subnet to the new division's network team group.
    D. - Create a new project for the new division's network team. - Create a new VPC within the new project. - Establish a VPN connection between your existing VPC and the new division's VPC. - Grant roles/compute.networkAdmin on the newly created project to the new division's network team group.

  • Question 242:

    You are implementing hybrid connectivity between your company's data center and Google Cloud. You've already deployed redundant Dedicated Interconnect connections, and are now deploying VLAN attachments in us-central1. You want to use an active/passive approach, where interconnect-1 is active and interconnect-2 is a passive backup. You need to deploy a Cloud Router to enable BGP connectivity.

    You want to follow Google-recommended practices.

    What should you do?

    A. 1. Configure the primary interconnect-1 BGP session on the Cloud Router with priority 0 and ASN 65101. 2. Configure the secondary interconnect-2 BGP session on the Cloud Router with priority 200 and ASN 65102. 3. Configure the on-premises ASN as 65000.
    B. 1. Configure the primary interconnect-1 BGP session on the Cloud Router with priority 0. 2. Configure the secondary interconnect-2 BGP session on the Cloud Router with priority 200. 3. Configure both Google-side BGP ASNs as 65100. 4. Configure the on-premises ASN as 65000.
    C. 1. Configure the primary and secondary interconnects of the BGP sessions on the Cloud Router with priority 100 and ASN 16550. 2. Configure the on-premises ASN as 65001 for primary interconnect-1. 3. Configure the on-premises ASN as 65002 for secondary interconnect-2.
    D. 1. Configure the primary and secondary interconnects of the BGP sessions on the Cloud Router with priority 100 and ASN 4200000001. 2. Configure the on-premises ASN as 4200000010. 3. Disable the BGP session on the on-premises router for the secondary interconnect-2.

  • Question 243:

    Your company has provisioned 2000 virtual machines (VMs) in the private subnet of your Virtual Private Cloud (VPC) in the us-east1 region. You need to configure each VM to have a minimum of 128 TCP connections to a public repository so that users can download software updates and packages over the internet. You need to implement a Cloud NAT gateway so that the VMs are able to perform outbound NAT to the internet. You must ensure that all VMs can simultaneously connect to the public repository and download software updates and packages.

    Which two methods can you use to accomplish this? (Choose two.)

    A. Configure the NAT gateway in manual allocation mode, allocate 2 NAT IP addresses, and update the minimum number of ports per VM to 256.
    B. Create a second Cloud NAT gateway with the default minimum number of ports configured per VM to 64.
    C. Use the default Cloud NAT gateway's NAT proxy to dynamically scale using a single NAT IP address.
    D. Use the default Cloud NAT gateway to automatically scale to the required number of NAT IP addresses, and update the minimum number of ports per VM to 128.
    E. Configure the NAT gateway in manual allocation mode, allocate 4 NAT IP addresses, and update the minimum number of ports per VM to 128.

  • Question 244:

    Your organization's on-premises networking team is reporting frequent BGP session flaps toward your Google Cloud environment. You need to review the BGP configuration.

    What should you do?

    A. Switch to static routing.
    B. Increase the BGP hold timer to 36000 seconds max.
    C. Ensure that graceful restart is enabled on the on-premises router.
    D. Ask the on-premises team to enable Bidirectional Forwarding Detection (BFD).

  • Question 245:

    You are creating a design that will connect your single on-premises data center to a VPC in Google Cloud by using an IPsec VPN connection. The connection must have a minimum SLA of 99.99%. There is a single VPN termination device located in your on-premises data center. The VPN termination device can be configured only with a single public IP address. Your design must also have the least amount of setup effort.

    What should you do?

    A. 1. Create two HA VPN gateways. 2. Create one tunnel on interface 0 of one gateway and create one tunnel on interface 1 of the other gateway. 3. Terminate each of the two tunnels on the single public IP address that is configured on the VPN termination device located in your on-premises data center.
    B. 1. Create one Classic VPN gateway and one HA VPN gateway. 2. Create one tunnel on the interface of the Classic VPN gateway and one tunnel on interface 1 of the HA VPN gateway. 3. Terminate each of the two tunnels on the single public IP address that is configured on the VPN termination device located in your on-premises data center.
    C. 1. Replace the existing on-premises VPN termination device with a new device that is configured with two different public IP addresses. 2. Create one HA VPN gateway. 3. Create one tunnel for each of the two HA VPN gateway interfaces. 4. Terminate each of the two tunnels on one of the two public IP addresses that is configured on the new VPN termination device located in your on-premises data center.
    D. 1. Create one HA VPN gateway. 2. Create one tunnel for each of the two HA VPN gateway interfaces. 3. Terminate each of the two tunnels on the single public IP address that is configured on the VPN termination device located in your on-premises data center.

  • Question 246:

    Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You have recently engaged a traffic-scrubbing service and want to restrict your origin to allow connections only from the traffic-scrubbing service.

    What should you do?

    A. Create a Cloud Armor Security Policy that blocks all traffic except for the traffic-scrubbing service.
    B. Create a VPC Firewall rule that blocks all traffic except for the traffic-scrubbing service.
    C. Create a VPC Service Controls Perimeter that blocks all traffic except for the traffic-scrubbing service.
    D. Create IPTables firewall rules that block all traffic except for the traffic-scrubbing service.

  • Question 247:

    You just finished your company's migration to Google Cloud and configured an architecture with 3 Virtual Private Cloud (VPC) networks: one for Sales, one for Finance, and one for Engineering. Every VPC contains over 100 Compute Engine instances, and now developers using instances in the Sales VPC and the Finance VPC require private connectivity between each other. You need to allow communication between Sales and Finance without compromising performance or security.

    What should you do?

    A. Configure an HA VPN gateway between the Finance VPC and the Sales VPC.
    B. Configure the instances that require communication between each other with an external IP address.
    C. Create a VPC Network Peering connection between the Finance VPC and the Sales VPC.
    D. Configure Cloud NAT and a Cloud Router in the Sales and Finance VPCs.

  • Question 248:

    You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non-BGP-capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.

    What should you do?

    A. - Create a Cloud VPN instance. - Create a policy-based VPN tunnel per subnet. - Configure the appropriate local and remote traffic selectors to match your local and remote networks. - Create the appropriate static routes.
    B. - Create a Cloud VPN instance. - Create a policy-based VPN tunnel. - Configure the appropriate local and remote traffic selectors to match your local and remote networks. - Configure the appropriate static routes.
    C. - Create a Cloud VPN instance. - Create a route-based VPN tunnel. - Configure the appropriate local and remote traffic selectors to match your local and remote networks. - Configure the appropriate static routes.
    D. - Create a Cloud VPN instance. - Create a route-based VPN tunnel. - Configure the appropriate local and remote traffic selectors to 0.0.0.0/0. - Configure the appropriate static routes.

  • Question 249:

    Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.

    During troubleshooting you find:

    - Each on-premises router is configured with a unique ASN.

    - Each on-premises router is configured with the same routes and priorities.

    - Both on-premises routers are configured with a VPN connected to a single Cloud Router.

    - BGP sessions are established between both on-premises routers and the Cloud Router.

    - Only 1 on-premises router's routes are being added to the routing table.

    What is the most likely cause of this problem?

    A. The on-premises routers are configured with the same routes.
    B. A firewall is blocking the traffic across the second VPN connection.
    C. You do not have a load balancer to load-balance the network traffic.
    D. The ASNs being used on the on-premises routers are different.

  • Question 250:

    You have the networking configuration shown in the diagram. A pair of redundant Dedicated Interconnect connections (int-Iga1 and int-Iga2) terminate on the same Cloud Router. The Interconnect connections terminate on two separate on-premises routers. You are advertising the same prefixes from the Border Gateway Protocol (BGP) sessions associated with the Dedicated Interconnect connections. You need to configure one connection as Active for both ingress and egress traffic. If the active Interconnect connection fails, you want the passive Interconnect connection to automatically begin routing all traffic.

    Which two actions should you take to meet this requirement? (Choose two.)

    A. Configure the advertised route priority as 200 for the BGP session associated with the active interconnect connection.
    B. Configure the advertised route priority > 10,200 on the active Interconnect connection.
    C. Advertise a lower MED on the active Interconnect connection from the on-premises router.
    D. Advertise a lower MED on the passive Interconnect connection from the on-premises router.
    E. Configure the advertised route priority as 200 for the BGP session associated with the passive Interconnect connection.
