Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Google
  3. PROFESSIONAL-CLOUD-NETWORK-ENGINEER

Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam (page: 1)
Google Professional Cloud Network Engineer
Updated on: 07-Feb-2026

Viewing Page 1 of 32
PROFESSIONAL-CLOUD-NETWORK-ENGINEER PDF 248 Questions

You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect.

What should you do?

  1. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges.
  2. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges.
  3. Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges.
  4. Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges.

Answer(s): C


Reference:

https://link.springer.com/chapter/10.1007/978-1-4842-1004-8_4



Your end users are located in close proximity to us-east1 and europe-west1. Their workloads need to communicate with each other. You want to minimize cost and increase network efficiency.

How should you design this topology?

  1. Create 2 VPCs, each with their own regions and individual subnets. Create 2 VPN gateways to establish connectivity between these regions.
  2. Create 2 VPCs, each with their own region and individual subnets. Use external IP addresses on the instances to establish connectivity between these regions.
  3. Create 1 VPC with 2 regional subnets. Create a global load balancer to establish connectivity between the regions.
  4. Create 1 VPC with 2 regional subnets. Deploy workloads in these subnets and have them communicate using private RFC1918 IP addresses.

Answer(s): D

Explanation:

VPC Network Peering enables you to peer VPC networks so that workloads in different VPC networks can communicate in private RFC 1918 space. Traffic stays within Google's network and doesn't traverse the public internet.


Reference:

https://cloud.google.com/vpc/docs/vpc-peering



Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.

How should you design the topology?

  1. Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.
  2. Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.
  3. Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.
  4. Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.

Answer(s): C



You are migrating to Cloud DNS and want to import your BIND zone file.

Which command should you use?

  1. gcloud dns record-sets import ZONE_FILE --zone MANAGED_ZONE
  2. gcloud dns record-sets import ZONE_FILE --replace-origin-ns --zone MANAGED_ZONE
  3. gcloud dns record-sets import ZONE_FILE --zone-file-format --zone MANAGED_ZONE
  4. gcloud dns record-sets import ZONE_FILE --delete-all-existing --zone MANAGED_ZONE

Answer(s): C

Explanation:

Once you have the exported file from your other provider, you can use the gcloud dns record-sets import command to import it into your managed zone.
To import record-sets, you use the dns record-sets import command. The --zone-file-format flag tells importto expect a BIND zone formatted file. If you omit this flag, import expects a YAML-formatted records file.


Reference:

https://medium.com/@prashantapaudel/gcp-certification-series-2-4- planning-and-configuring-network-resources-8045ac2cc2ac



You created a VPC network named Retail in auto mode. You want to create a VPC network named Distribution and peer it with the Retail VPC.

How should you configure the Distribution VPC?

  1. Create the Distribution VPC in auto mode. Peer both the VPCs via network peering.
  2. Create the Distribution VPC in custom mode. Use the CIDR range 10.0.0.0/9. Create the necessary subnets, and then peer them via network peering.
  3. Create the Distribution VPC in custom mode. Use the CIDR range 10.128.0.0/9. Create the necessary subnets, and then peer them via network peering.
  4. Rename the default VPC as "Distribution" and peer it via network peering.

Answer(s): B


Reference:

https://cloud.google.com/vpc/docs/using-vpc



You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall.

Which two actions should you take? (Choose two.)

  1. Turn on Private Google Access at the subnet level.
  2. Turn on Private Google Access at the VPC level.
  3. Turn on Private Services Access at the VPC level.
  4. Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
  5. Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.

Answer(s): A,D



All the instances in your project are configured with the custom metadata enable-oslogin value set to FALSE and to block project-wide SSH keys. None of the instances are set with any SSH key, and no project- wide SSH keys have been configured. Firewall rules are set up to allow SSH sessions from any IP address range. You want to SSH into one instance.

What should you do?

  1. Open the Cloud Shell SSH into the instance using gcloud compute ssh.
  2. Set the custom metadata enable-oslogin to TRUE, and SSH into the instance using a third-party tool like putty or ssh.
  3. Generate a new SSH key pair. Verify the format of the private key and add it to the instance. SSH into the instance using a third-party tool like putty or ssh.
  4. Generate a new SSH key pair. Verify the format of the public key and add it to the project. SSH into the instance using a third-party tool like putty or ssh.

Answer(s): A



You work for a university that is migrating to GCP.

These are the cloud requirements:

· On-premises connectivity with 10 Gbps
· Lowest latency access to the cloud
· Centralized Networking Administration Team

New departments are asking for on-premises connectivity to their projects. You want to deploy the most cost- efficient interconnect solution for connecting the campus to Google Cloud.

What should you do?

  1. Use Shared VPC, and deploy the VLAN attachments and Interconnect in the host project.
  2. Use Shared VPC, and deploy the VLAN attachments in the service projects. Connect the VLAN attachment to the Shared VPC's host project.
  3. Use standalone projects, and deploy the VLAN attachments in the individual projects. Connect the VLAN attachment to the standalone projects' Interconnects.
  4. Use standalone projects and deploy the VLAN attachments and Interconnects in each of the individual projects.

Answer(s): A



Viewing Page 1 of 32



Share your comments for Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER exam with other users:

Palash Ghosh 9/11/2023 8:30:00 AM

easy questions
Anonymous


Noor 10/2/2023 7:48:00 AM

could you please upload ad0-127 dumps
INDIA


Kotesh 7/27/2023 2:30:00 AM

good content
Anonymous


Biswa 11/20/2023 9:07:00 AM

understanding about joins
Anonymous


Jimmy Lopez 8/25/2023 10:19:00 AM

please upload oracle cloud infrastructure 2023 foundations associate exam braindumps. thank you.
Anonymous


Lily 4/24/2023 10:50:00 PM

questions made studying easy and enjoyable, passed on the first try!
UNITED STATES


John 8/7/2023 12:12:00 AM

has anyone recently attended safe 6.0 exam? did you see any questions from here?
Anonymous


Big Dog 6/24/2023 4:47:00 PM

question 13 should be dhcp option 43, right?
UNITED STATES


B.Khan 4/19/2022 9:43:00 PM

the buy 1 get 1 is a great deal. so far i have only gone over exam. it looks promissing. i report back once i write my exam.
INDIA


Ganesh 12/24/2023 11:56:00 PM

is this dump good
Anonymous


Albin 10/13/2023 12:37:00 AM

good ................
EUROPEAN UNION


Passed 1/16/2022 9:40:00 AM

passed
GERMANY


Harsh 6/12/2023 1:43:00 PM

yes going good
Anonymous


Salesforce consultant 1/2/2024 1:32:00 PM

good questions for practice
FRANCE


Ridima 9/12/2023 4:18:00 AM

need dump and sap notes for c_s4cpr_2308 - sap certified application associate - sap s/4hana cloud, public edition - sourcing and procurement
Anonymous


Tanvi Rajput 10/6/2023 6:50:00 AM

question 11: d i personally feel some answers are wrong.
UNITED KINGDOM


Anil 7/18/2023 9:38:00 AM

nice questions
Anonymous


Chris 8/26/2023 1:10:00 AM

looking for c1000-158: ibm cloud technical advocate v4 questions
Anonymous


sachin 6/27/2023 1:22:00 PM

can you share the pdf
Anonymous


Blessious Phiri 8/13/2023 10:26:00 AM

admin ii is real technical stuff
Anonymous


Luis Manuel 7/13/2023 9:30:00 PM

could you post the link
UNITED STATES


vijendra 8/18/2023 7:54:00 AM

hello send me dumps
Anonymous


Simeneh 7/9/2023 8:46:00 AM

it is very nice
Anonymous


john 11/16/2023 5:13:00 PM

i gave the amazon dva-c02 tests today and passed. very helpful.
Anonymous


Tao 11/20/2023 8:53:00 AM

there is an incorrect word in the problem statement. for example, in question 1, there is the word "speci c". this is "specific. in the other question, there is the word "noti cation". this is "notification. these mistakes make this site difficult for me to use.
Anonymous


patricks 10/24/2023 6:02:00 AM

passed my az-120 certification exam today with 90% marks. studied using the dumps highly recommended to all.
Anonymous


Ananya 9/14/2023 5:17:00 AM

i need it, plz make it available
UNITED STATES


JM 12/19/2023 2:41:00 PM

q47: intrusion prevention system is the correct answer, not patch management. by definition, there are no patches available for a zero-day vulnerability. the way to prevent an attacker from exploiting a zero-day vulnerability is to use an ips.
UNITED STATES


Ronke 8/18/2023 10:39:00 AM

this is simple but tiugh as well
Anonymous


CesarPA 7/12/2023 10:36:00 PM

questão 4, segundo meu compilador local e o site https://www.jdoodle.com/online-java-compiler/, a resposta correta é "c" !
UNITED STATES


Jeya 9/13/2023 7:50:00 AM

its very useful
INDIA


Tracy 10/24/2023 6:28:00 AM

i mastered my skills and aced the comptia 220-1102 exam with a score of 920/1000. i give the credit to for my success.
Anonymous


James 8/17/2023 4:33:00 PM

real questions
UNITED STATES


Aderonke 10/23/2023 1:07:00 PM

very helpful assessments
UNITED KINGDOM