Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER Online Practice Questions and Exam Preparation
PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam Details
Exam Code: PROFESSIONAL-CLOUD-NETWORK-ENGINEER
Exam Name: Professional Cloud Network Engineer
Certification: Google Certifications
Vendor: Google
Total Questions: 333 Q&As
Last Updated: May 31, 2026
Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER Online Questions & Answers
Question 251:
Your company is implementing new rules for outbound internet traffic in your Google Cloud environment. You need to design a configuration that enables all outbound internet traffic from virtual machines tagged with production-critical to route through a Secure Web Proxy (SWP) for inspection while allowing all other virtual machines to egress directly to the internet.
What should you do?
A. Deploy a Cloud NAT gateway configured to translate and forward traffic from production-critical VMs to the internet.
B. Configure a custom static route with a destination of 0.0.0.0/0 for the production-critical network tag with the SWP IP address as a next hop.
C. Configure a policy-based route with a destination of 0.0.0.0/0 for the production-critical network tag with the SWP IP as a next hop.
D. Configure a policy-based route with a source set as the subnets of the production-critical VMs and a destination of 0.0.0.0/0 with the SWP IP as the next hop.
C. Configure a policy-based route with a destination of 0.0.0.0/0 for the production-critical network tag with the SWP IP as a next hop.
Explanation
Policy-based routes let you steer egress traffic based on instance attributes such as network tags. By creating a policy-based route for 0.0.0.0/0 that matches the production-critical tag and uses the Secure Web Proxy as the next hop, only those tagged VMs are forced through SWP for inspection, while all other VMs continue to use the default internet egress path.
Question 252:
You are designing a packet mirroring policy as part of your network security architecture for your gaming workload. Your infrastructure is located in the us-west2 region and deployed across several zones: us-west2-a, us-west2-b, and us-west2-c. The infrastructure is running a web-based application on TCP ports 80 and 443 with other game servers that utilize the UDP protocol. You need to deploy packet mirroring policies and collector instances to monitor web application traffic while minimizing inter-zonal network egress costs.
Following Google-recommended practices, how should you deploy the packet mirroring policies and collector instances?
A. Create three packet mirroring policies: one for each zone. Create one group of collector instances for the us-west2 region. Configure each packet mirroring policy to match traffic for its zone based on instance tags, and create a filter for TCP traffic.
B. Create one packet mirroring policy for the us-west2 region. Create one group of collector instances for the us-west2 region. Configure the packet mirroring policy to match traffic for web server instances based on instance tags, and create a filter for TCP traffic.
C. Create three packet mirroring policies: one for each zone. Create three groups of collector instances: one group for each zone. Configure each policy to match traffic for its zone based on instance tags, and create a filter for TCP traffic.
D. Create three packet mirroring policies: one for each zone. Create three groups of collector instances: one group for each zone. Configure each policy to match traffic for its zone based on subnets, and create a filter for TCP traffic.
B. Create one packet mirroring policy for the us-west2 region. Create one group of collector instances for the us-west2 region. Configure the packet mirroring policy to match traffic for web server instances based on instance-tags, and create a filter for TCP traffic.
Question 253:
You have two Google Cloud projects in a perimeter to prevent data exfiltration. You need to move a third project inside the perimeter; however, the move could negatively impact the existing environment. You need to validate the impact of the change.
What should you do?
A. Enable Firewall Rules Logging inside the third project.
B. Modify the existing VPC Service Controls policy to include the new project in dry run mode.
C. Monitor the Resource Manager audit logs inside the perimeter.
D. Enable VPC Flow Logs inside the third project, and monitor the logs for negative impact.
B. Modify the existing VPC Service Controls policy to include the new project in dry run mode.
Question 254:
You have just deployed your infrastructure on Google Cloud. You now need to configure the DNS to meet the following requirements: Your on-premises resources should resolve your Google Cloud zones. Your Google Cloud resources should resolve your on-premises zones. You need the ability to resolve ".internal" zones provisioned by Google Cloud.
What should you do?
A. Configure an outbound server policy, and set your alternative name server to be your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.
B. Configure both an inbound server policy and outbound DNS forwarding zones with the target as the on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.
C. Configure an outbound DNS server policy, and set your alternative name server to be your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.
D. Configure Cloud DNS to DNS peer with your on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google's public DNS 8.8.8.8.
B. Configure both an inbound server policy and outbound DNS forwarding zones with the target as the on-premises DNS resolver. Configure your on-premises DNS resolver to forward Google Cloud zone queries to Google Cloud's DNS resolver.
Question 255:
You are establishing a secure and resilient connection between your company's on-premises data center and a Google Cloud VPC. You have two separate physical VPN gateways in your on-premises data center for redundancy. You need to ensure that there is no single point of failure in the design, and you must use dynamic routing to exchange prefixes.
What should you do?
A. Deploy an HA VPN gateway and establish connection to one of the interfaces on-premises with multiple tunnels.
B. Deploy a single Classic VPN gateway in Google Cloud and create two tunnels, both pointing to the same primary on-premises VPN gateway to increase bandwidth.
C. Deploy an HA VPN gateway and connect its two interfaces to the two on-premises gateways. Use Cloud Router to establish a BGP session over each tunnel.
D. Deploy two Classic VPN gateways, each connected to a separate on-premises gateway. Configure matching static routes with different priorities on both sides to handle failover.
C. Deploy an HA VPN gateway and connect its two interfaces to the two on-premises gateways. Use Cloud Router to establish a BGP session over each tunnel.
Explanation
HA VPN provides two interfaces for high availability, allowing each interface to terminate a tunnel to a different on-premises VPN gateway so that the failure of any single gateway or tunnel does not break connectivity. Using Cloud Router with BGP over each tunnel enables dynamic exchange of routes and automatic failover based on BGP session health.
Question 256:
800. The application will be exposed externally using both IPv4 and IPv6 via TCP on port 700. You want to ensure high availability for this application.
What should you do?
A. Create a network load balancer that uses backend services containing one instance group with two instances.
B. Create a network load balancer that uses a target pool backend with two instances.
C. Create a TCP proxy that uses a zonal network endpoint group containing one instance.
D. Create a TCP proxy that uses backend services containing an instance group with two instances.
A. Create a network load balancer that uses backend services containing one instance group with two instances.
Question 257:
Your company hosts a critical banking application in Google Cloud VPC. This application frequently interacts with a Cloud SQL for MySQL instance that stores sensitive customer data. Due to strict compliance and security requirements, all communication between your application's VPC and the Cloud SQL instance must remain private without traversing the public internet. You need to conserve IP space as much as possible and establish a communication connection with minimal network overhead and complexity.
What should you do?
A. Establish a Private Service Connect endpoint between your application's VPC and the Google-managed service producer network.
B. Deploy a private Compute Engine instance with a custom proxy server in your application's VPC, and route all Cloud SQL traffic through this proxy.
C. Establish a Private Service Access connection between your application's VPC and the Google-managed service producer network.
D. Use Cloud SQL connector to connect to the Cloud SQL instance.
A. Establish a Private Service Connect endpoint between your application's VPC and the Google-managed service producer network.
Explanation
Private Service Connect provides private, VPC-internal connectivity to a Google-managed service without requiring large reserved IP ranges for service networking, which conserves IP space and keeps traffic off the public internet with minimal configuration overhead.
Question 258:
You are configuring the final elements of a migration effort where resources have been moved from on-premises to Google Cloud. While reviewing the deployed architecture, you noticed that DNS resolution is failing when queries are being sent to the on-premises environment. You log in to a Compute Engine instance, try to resolve an on-premises hostname, and the query fails. DNS queries are not arriving at the on-premises DNS server. You need to use managed services to reconfigure Cloud DNS to resolve the DNS error.
What should you do?
A. Ensure that the operating systems of the Compute Engine instances are configured to send DNS queries to the on-premises DNS servers directly.
B. Validate that there is network connectivity to the on-premises environment and that the Compute Engine instances can reach other on-premises resources. If errors persist, remove the VPC Network Peerings and recreate the peerings after validating the routes.
C. Validate that the Compute Engine instances are using the Metadata Service IP address as their resolver. Configure an outbound forwarding zone for the on-premises domain pointing to the on-premises DNS server. Configure Cloud Router to advertise the Cloud DNS proxy range to the on-premises network.
D. Review the existing Cloud DNS zones, and validate that there is a route in the VPC directing traffic destined to the IP address of the DNS servers. Recreate the existing DNS forwarding zones for "." to forward all queries to the on-premises DNS servers.
C. Validate that the Compute Engine instances are using the Metadata Service IP address as their resolver. Configure an outbound forwarding zone for the on-premises domain pointing to the on-premises DNS server. Configure Cloud Router to advertise the Cloud DNS proxy range to the on-premises network.
Explanation
To ensure DNS queries from Google Cloud resources can resolve on-premises hostnames, you should leverage Google Cloud's managed DNS services and properly configure DNS forwarding. Here's why:
- Validate the resolver: Ensure that Compute Engine instances are using the Metadata Service IP address (169.254.169.254) as their DNS resolver. This allows DNS queries to flow through Cloud DNS.
- Configure an outbound forwarding zone: In Cloud DNS, create a forwarding zone for the on-premises domain. This ensures that DNS queries for the on-premises domain are forwarded to the on-premises DNS server.
- Cloud Router configuration: Advertise the Cloud DNS proxy range to the on-premises network via Cloud Router. This step ensures that DNS queries originating from the on-premises environment for Google Cloud services are resolved correctly and vice versa.
Question 259:
Your website serves static software packages from a Cloud Storage backend bucket through an external Application Load Balancer. Customers must download private files by using time-limited URLs, and the files should be cached at the edge when possible.
What should you configure?
A. Cloud CDN with signed URLs on the backend bucket.
B. Cloud NAT with endpoint-independent mapping enabled.
C. VPC Service Controls with an access level for customer IP addresses.
D. Cloud DNS DNSSEC on the public managed zone.
A. Cloud CDN with signed URLs on the backend bucket.
Explanation
Cloud CDN can cache supported backend bucket content, and signed URLs allow controlled, time-limited access to private cached content. Cloud NAT is unrelated to public content delivery and URL authorization. VPC Service Controls protects supported Google services within service perimeters and is not the mechanism for customer-facing signed downloads through a load balancer. DNSSEC protects DNS responses from certain spoofing risks but does not provide private download authorization or caching.
Question 260:
The applications in your Google Cloud environment and your AWS cloud environment frequently exchange large volumes of data, and the existing Cloud VPN connections are not meeting the required throughput and reliability. You need to establish high-performance, low-latency, highly available connectivity between your Google Cloud environment and your AWS cloud environment. You also need to create a dedicated, private connection between your Google Cloud VPC and your AWS VPC.
What should you do?
A. Establish a Partner Interconnect connection with a service provider that has direct presence in both Google Cloud and AWS regions.
B. Configure multiple dedicated Cloud VPN tunnels in an active/active configuration between the Google Cloud VPC and AWS VPC.
C. Provision a Cross-Cloud Interconnect connection between your Google Cloud project and your AWS account, and configure Border Gateway Protocol (BGP) peering over the dedicated connection.
D. Use a Google Cloud Dedicated Interconnect and an AWS Direct Connect and route traffic through a co-location provider.
C. Provision a Cross-Cloud Interconnect connection between your Google Cloud project and your AWS account, and configure Border Gateway Protocol (BGP) peering over the dedicated connection.
Explanation
Cross-Cloud Interconnect is designed for private, dedicated connectivity between Google Cloud and another cloud provider such as AWS. It provides high-bandwidth, low-latency connectivity and supports BGP peering over the dedicated connection between your Google Cloud VPC and AWS environment. This fits the requirement for a dedicated, private, highly available connection better than Cloud VPN, while avoiding the extra complexity of assembling separate interconnect products through a colocation design yourself.
Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Google exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your PROFESSIONAL-CLOUD-NETWORK-ENGINEER exam preparation and Google certification application, do not hesitate to visit Vcedump.com to find your solutions.