Exam Details

  • Exam Code: PROFESSIONAL-CLOUD-NETWORK-ENGINEER
  • Exam Name: Professional Cloud Network Engineer
  • Certification: Google Certifications
  • Vendor: Google
  • Total Questions: 170 Q&As
  • Last Updated: May 21, 2025

Google Certifications PROFESSIONAL-CLOUD-NETWORK-ENGINEER Questions & Answers

  • Question 61:

    You are the network administrator responsible for hybrid connectivity at your organization. Your developer team wants to use Cloud SQL in the us-west1 region in your Shared VPC. You configured a Dedicated Interconnect connection and a Cloud Router in us-west1, and the connectivity between your Shared VPC and on-premises data center is working as expected. You just created the private services access connection required for Cloud SQL using the reserved IP address range and default settings. However, your developers cannot access the Cloud SQL instance from on-premises. You want to resolve the issue.

    What should you do?

    A. Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes. Create a custom route advertisement in your Cloud Router to advertise the Cloud SQL IP address range.

    B. Change the VPC routing mode to global. Create a custom route advertisement in your Cloud Router to advertise the Cloud SQL IP address range.

    C. Create an additional Cloud Router in us-west2. Create a new Border Gateway Protocol (BGP) peering connection to your on-premises data center. Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.

    D. Change the VPC routing mode to global. Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.

  • Question 62:

    You need to configure the Border Gateway Protocol (BGP) session for a VPN tunnel you just created between two Google Cloud VPCs, 10.1.0.0/16 and 172.16.0.0/16. You have a Cloud Router (router-1) in the 10.1.0.0/16 network and a second Cloud Router (router-2) in the 172.16.0.0/16 network. Which configuration should you use for the BGP session?

    A. Option A

    B. Option B

    C. Option C

    D. Option D

  • Question 63:

    You have several microservices running in a private subnet in an existing Virtual Private Cloud (VPC). You need to create additional serverless services that use Cloud Run and Cloud Functions to access the microservices. The network traffic volume between your serverless services and private microservices is low. However, each serverless service must be able to communicate with any of your microservices. You want to implement a solution that minimizes cost. What should you do?

    A. Deploy your serverless services to the serverless VPC. Peer the serverless service VPC to the existing VPC. Configure firewall rules to allow traffic between the serverless services and your existing microservices.

    B. Create a serverless VPC access connector for each serverless service. Configure the connectors to allow traffic between the serverless services and your existing microservices.

    C. Deploy your serverless services to the existing VPC. Configure firewall rules to allow traffic between the serverless services and your existing microservices.

    D. Create a serverless VPC access connector. Configure the serverless service to use the connector for communication to the microservices.

  • Question 64:

    You are configuring a new HTTP application that will be exposed externally behind both IPv4 and IPv6 virtual IP addresses, using ports 80, 8080, and 443. You will have backends in two regions: us-west1 and us-east1. You want to serve the content with the lowest-possible latency while ensuring high availability and autoscaling, and create native content-based rules using the HTTP hostname and request path. The IP addresses of the clients that connect to the load balancer need to be visible to the backends. Which configuration should you use?

    A. Use Network Load Balancing

    B. Use TCP Proxy Load Balancing with PROXY protocol enabled

    C. Use External HTTP(S) Load Balancing with URL Maps and custom headers

    D. Use External HTTP(S) Load Balancing with URL Maps and an X-Forwarded-For header

  • Question 65:

    You have the following routing design. You discover that Compute Engine instances in Subnet-2 in the asia-southeast1 region cannot communicate with compute resources on-premises. What should you do?

    A. Configure a custom route advertisement on the Cloud Router.

    B. Enable IP forwarding in the asia-southeast1 region.

    C. Change the VPC dynamic routing mode to Global.

    D. Add a second Border Gateway Protocol (BGP) session to the Cloud Router.

  • Question 66:

    You have deployed a proof-of-concept application by manually placing instances in a single Compute Engine zone. You are now moving the application to production, so you need to increase your application availability and ensure it can autoscale.

    How should you provision your instances?

    A. Create a single managed instance group, specify the desired region, and select Multiple zones for the location.

    B. Create a managed instance group for each region, select Single zone for the location, and manually distribute instances across the zones in that region.

    C. Create an unmanaged instance group in a single zone, and then create an HTTP load balancer for the instance group.

    D. Create an unmanaged instance group for each zone, and manually distribute the instances across the desired zones.

  • Question 67:

    You recently noticed a recurring daily spike in network usage in your Google Cloud project. You need to identify the virtual machine (VM) instances and type of traffic causing the spike in traffic utilization while minimizing the cost and management overhead required. What should you do?

    A. Enable VPC Flow Logs and send the output to BigQuery for analysis.

    B. Enable Firewall Rules Logging for all allowed traffic and send the output to BigQuery for analysis.

    C. Configure Packet Mirroring to send all traffic to a VM. Use Wireshark on the VM to identify traffic utilization for each VM in the VPC.

    D. Deploy a third-party network appliance and configure it as the default gateway. Use the third-party network appliance to identify users with high network traffic.

  • Question 68:

    Your company is planning a migration to Google Kubernetes Engine. Your application team informed you that they require a minimum of 60 Pods per node and a maximum of 100 Pods per node.

    Which Pod per node CIDR range should you use?

    A. /24

    B. /25

    C. /26

    D. /28

  • Question 69:

    Your company's security team tends to use managed services when possible. You need to build a dashboard to show the number of deny hits that occur against configured firewall rules without increasing operational overhead. What should you do?

    A. Configure Firewall Rules Logging. Use Firewall Insights to display the number of hits.

    B. Configure Firewall Rules Logging. View the logs in Cloud Logging, and create a custom dashboard in Cloud Monitoring to display the number of hits.

    C. Configure a firewall appliance from the Google Cloud Marketplace. Route all traffic through this appliance, and apply the firewall rules at this layer. Use the firewall appliance to display the number of hits.

    D. Configure Packet Mirroring on the VPC. Apply a filter with an IP address list of the Denied Firewall rules. Configure an intrusion detection system (IDS) appliance as the receiver to display the number of hits.

  • Question 70:

    You have deployed an HTTP(S) load balancer, but health checks to port 80 on the Compute Engine virtual machine instance are failing, and no traffic is sent to your instances. You want to resolve the problem. Which commands should you run?

    A. gcloud compute instances add-access-config instance-1

    B. gcloud compute firewall-rules create allow-lb --network load-balancer --allow tcp --destination-ranges 130.211.0.0/22,35.191.0.0/16 --direction EGRESS

    C. gcloud compute firewall-rules create allow-lb --network load-balancer --allow tcp --source-ranges 130.211.0.0/22,35.191.0.0/16 --direction INGRESS

    D. gcloud compute health-checks update http health-check --unhealthy-threshold 10
