Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Google
  3. PROFESSIONAL-CLOUD-NETWORK-ENGINEER

Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam (page: 6)
Google Professional Cloud Network Engineer
Updated on: 25-Dec-2025

Viewing Page 6 of 32
PROFESSIONAL-CLOUD-NETWORK-ENGINEER PDF 248 Questions

You want to configure load balancing for an internet-facing, standard voice-over-IP (VOIP) application.

Which type of load balancer should you use?

  1. HTTP(S) load balancer
  2. Network load balancer
  3. Internal TCP/UDP load balancer
  4. TCP/SSL proxy load balancer

Answer(s): B


Reference:

https://cloud.google.com/load-balancing/docs/choosing-load-balancer#external-internal



You want to configure a NAT to perform address translation between your on-premises network blocks and GCP.

Which NAT solution should you use?

  1. Cloud NAT
  2. An instance with IP forwarding enabled
  3. An instance configured with iptables DNAT rules
  4. An instance configured with iptables SNAT rules

Answer(s): A


Reference:

https://cloud.google.com/nat/docs/overview



You need to ensure your personal SSH key works on every instance in your project. You want to accomplish this as efficiently as possible.

What should you do?

  1. Upload your public ssh key to the project Metadata.
  2. Upload your public ssh key to each instance Metadata.
  3. Create a custom Google Compute Engine image with your public ssh key embedded.
  4. Use gcloud compute ssh to automatically copy your public ssh key to the instance.

Answer(s): A


Reference:

https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys



In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet.

What should you do?

  1. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
  2. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
  3. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
  4. Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.

Answer(s): D



You create a Google Kubernetes Engine private cluster and want to use kubectl to get the status of the pods. In one of your instances you notice the master is not responding, even though the cluster is up and running.

What should you do to solve the problem?

  1. Assign a public IP address to the instance.
  2. Create a route to reach the Master, pointing to the default internet gateway.
  3. Create the appropriate firewall policy in the VPC to allow traffic from Master node IP address to the instance.
  4. Create the appropriate master authorized network entries to allow the instance to communicate to the master.

Answer(s): D



Your company has a security team that manages firewalls and SSL certificates. It also has a networking team that manages the networking resources. The networking team needs to be able to read firewall rules, but should not be able to create, modify, or delete them.

How should you set up permissions for the networking team?

  1. Assign members of the networking team the compute.networkUser role.
  2. Assign members of the networking team the compute.networkAdmin role.
  3. Assign members of the networking team a custom role with only the compute.networks.* and the compute.firewalls.list permissions.
  4. Assign members of the networking team the compute.networkViewer role, and add the compute.networks.use permission.

Answer(s): B


Reference:

https://cloud.google.com/compute/docs/access/iam



You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly.

How should you configure the health check?

  1. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1.
  2. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check.
  3. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body.
  4. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check.

Answer(s): C



You need to give each member of your network operations team least-privilege access to create, modify, and delete Cloud Interconnect VLAN attachments.

What should you do?

  1. Assign each user the editor role.
  2. Assign each user the compute.networkAdmin role.
  3. Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get.
  4. Give each user the following permissions only: compute.interconnectAttachments.create, compute.interconnectAttachments.get, compute.routers.create, compute.routers.get, compute.routers.update.

Answer(s): B



Viewing Page 6 of 32



Share your comments for Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER exam with other users:

Bhagiii 11/4/2023 7:04:00 AM

well explained.
Anonymous


Rahul 8/8/2023 9:40:00 PM

i need the pdf, please.
CANADA


CW 7/11/2023 2:51:00 PM

a good source for exam preparation
UNITED STATES


Anchal 10/23/2023 4:01:00 PM

nice questions
INDIA


J Nunes 9/29/2023 8:19:00 AM

i need ielts general training audio guide questions
BRAZIL


Ananya 9/14/2023 5:16:00 AM

please make this content available
UNITED STATES


Swathi 6/4/2023 2:18:00 PM

content is good
Anonymous


Leo 7/29/2023 8:45:00 AM

latest dumps please
INDIA


Laolu 2/15/2023 11:04:00 PM

aside from pdf the test engine software is helpful. the interface is user-friendly and intuitive, making it easy to navigate and find the questions.
UNITED STATES


Zaynik 9/17/2023 5:36:00 AM

questions and options are correct, but the answers are wrong sometimes. so please check twice or refer some other platform for the right answer
Anonymous


Massam 6/11/2022 5:55:00 PM

90% of questions was there but i failed the exam, i marked the answers as per the guide but looks like they are not accurate , if not i would have passed the exam given that i saw about 45 of 50 questions from dump
Anonymous


Anonymous 12/27/2023 12:47:00 AM

answer to this question "what administrative safeguards should be implemented to protect the collected data while in use by manasa and her product management team? " it should be (c) for the following reasons: this administrative safeguard involves controlling access to collected data by ensuring that only individuals who need the data for their job responsibilities have access to it. this helps minimize the risk of unauthorized access and potential misuse of sensitive information. while other options such as (a) documenting data flows and (b) conducting a privacy impact assessment (pia) are important steps in data protection, implementing a "need to know" access policy directly addresses the issue of protecting data while in use by limiting access to those who require it for legitimate purposes. (d) is not directly related to safeguarding data during use; it focuses on data transfers and location.
INDIA


Japles 5/23/2023 9:46:00 PM

password lockout being the correct answer for question 37 does not make sense. it should be geofencing.
Anonymous


Faritha 8/10/2023 6:00:00 PM

for question 4, the righr answer is :recover automatically from failures
UNITED STATES


Anonymous 9/14/2023 4:27:00 AM

question number 4s answer is 3, option c. i
UNITED STATES


p das 12/7/2023 11:41:00 PM

very good questions
UNITED STATES


Anna 1/5/2024 1:12:00 AM

i am confused about the answers to the questions. are the answers correct?
KOREA REPUBLIC OF


Bhavya 9/13/2023 10:15:00 AM

very usefull
Anonymous


Rahul Kumar 8/31/2023 12:30:00 PM

need certification.
CANADA


Diran Ole 9/17/2023 5:15:00 PM

great exam prep
CANADA


Venkata Subbarao Bandaru 6/24/2023 8:45:00 AM

i require dump
Anonymous


D 7/15/2023 1:38:00 AM

good morning, could you please upload this exam again,
Anonymous


Ann 9/15/2023 5:39:00 PM

hi can you please upload the dumps for sap contingent module. thanks
AUSTRALIA


Sridhar 1/16/2024 9:19:00 PM

good questions
Anonymous


Summer 10/4/2023 9:57:00 PM

looking forward to the real exam
Anonymous


vv 12/2/2023 2:45:00 PM

good ones for exam preparation
UNITED STATES


Danny Zas 9/15/2023 4:45:00 AM

this is a good experience
UNITED STATES


SM 1211 10/12/2023 10:06:00 PM

hi everyone
UNITED STATES


A 10/2/2023 6:08:00 PM

waiting for the dump. please upload.
UNITED STATES


Anonymous 7/16/2023 11:05:00 AM

upload cks exam questions
Anonymous


Johan 12/13/2023 8:16:00 AM

awesome training material
NETHERLANDS


PC 7/28/2023 3:49:00 PM

where is dump
Anonymous


YoloStar Yoloing 10/22/2023 9:58:00 PM

q. 289 - the correct answer should be b not d, since the question asks for the most secure way to provide access to a s3 bucket (a single one), and by principle of the least privilege you should not be giving access to all buckets.
Anonymous


Zelalem Nega 5/14/2023 12:45:00 PM

please i need if possible h12-831,
UNITED KINGDOM