Google Professional Cloud Network Engineer Exam Questions - Real Practice Questions for Guaranteed Success

Question 1

Your organization has approximately 100 teams that need to manage their own environments. A central team must manage the network. You need to design a landing zone that provides separate projects for each team and ensure the solution can scale. What should you do?

AConfigure VPC Network Peering and peer one of the VPCs to the service project.

BConfigure Policy-based Routing for each team.

CConfigure a Shared VPC and create a VPC network in the host project.

DConfigure a Shared VPC, and create a VPC network in the service project.

Correct : C

Using a Shared VPC enables centralized network management and efficient resource access by service projects. This scalable setup supports isolated environments for each team while allowing the network team to manage network policies and resources in a host project.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AConfigure VPC Network Peering and peer one of the VPCs to the service project.

BConfigure Policy-based Routing for each team.

CConfigure a Shared VPC and create a VPC network in the host project.

DConfigure a Shared VPC, and create a VPC network in the service project.

0 / 1500

Question 2

You are designing the architecture for your organization so that clients can connect to certain Google APIs. Your plan must include a way to connect to Cloud Storage and BigQuery. You also need to ensure the traffic does not traverse the internet. You want your solution to be cloud-first and require the least amount of configuration steps. What should you do?

AConfigure Private Google Access on the VPC resource. Create a default route to the internet.

BConfigure Private Google Access on the subnet resource. Create a default route to the internet.

CConfigure Cloud NAT and remove the default route to the internet.

DConfigure a global Secure Web Proxy and remove the default route to the internet.

Correct : B

Enabling Private Google Access on the subnet allows VMs to access Google APIs (like Cloud Storage and BigQuery) directly, without routing traffic over the internet. This approach is cloud-native and involves minimal setup, aligning with a cloud-first strategy.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AConfigure Private Google Access on the VPC resource. Create a default route to the internet.

BConfigure Private Google Access on the subnet resource. Create a default route to the internet.

CConfigure Cloud NAT and remove the default route to the internet.

DConfigure a global Secure Web Proxy and remove the default route to the internet.

0 / 1500

Question 3

You are troubleshooting an application in your organization's Google Cloud network that is not functioning as expected. You suspect that packets are getting lost somewhere. The application sends packets intermittently at a low volume from a Compute Engine VM to a destination on your on-premises network through a pair of Cloud Interconnect VLAN attachments. You validated that the Cloud Next Generation Firewall (Cloud NGFW) rules do not have any deny statements blocking egress traffic, and you do not have any explicit allow rules. Following Google-recommended practices, you need to analyze the flow to see if packets are being sent correctly out of the VM to isolate the issue. What should you do?

ACreate a packet mirroring policy that is configured with your VM as the source and destined to a collector. Analyze the packet captures.

BEnable VPC Flow Logs on the subnet that the VM is deployed in with sample_rate = 1.0, and run a query in Logs Explorer to analyze the packet flow.

CEnable Firewall Rules Logging on your firewall rules and review the logs.

DVerify the network/attachment/egress_dropped_packet.s_count Cloud Interconnect VLAN attachment metric.

Correct : B

Enabling VPC Flow Logs with sample_rate = 1.0 on the VM's subnet will give detailed information about network traffic flowing to and from your VM. You can then query this data in Logs Explorer to check whether packets are leaving the VM and reaching the intended destination. This is a recommended practice for troubleshooting such network issues.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ACreate a packet mirroring policy that is configured with your VM as the source and destined to a collector. Analyze the packet captures.

BEnable VPC Flow Logs on the subnet that the VM is deployed in with sample_rate = 1.0, and run a query in Logs Explorer to analyze the packet flow.

CEnable Firewall Rules Logging on your firewall rules and review the logs.

DVerify the network/attachment/egress_dropped_packet.s_count Cloud Interconnect VLAN attachment metric.

0 / 1500

Question 4

You have recently taken over responsibility for your organization's Google Cloud network security configurations. You want to review your Cloud Next Generation Firewall (Cloud NGFW) configurations to ensure that there are no rules allowing ingress traffic to your VMs and services from the internet. You want to avoid manual work. What should you do?

AUse Firewall Insights, and enable insights for overly permissive rules.

BReview Network Analyzer insights on the VPC network category.

CExport all your Cloud NGFW rules into a CSV file and search for 0.0.0.0/0.

DRun Connectivity Tests from multiple external sources to confirm that traffic is not allowed to ingress to your most critical services in Google Cloud.

Correct : A

Using Firewall Insights and enabling insights for overly permissive rules helps automate the process of identifying firewall rules that may allow unintended ingress from the internet. This is a quick and efficient method compared to manually searching through firewall configurations.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AUse Firewall Insights, and enable insights for overly permissive rules.

BReview Network Analyzer insights on the VPC network category.

CExport all your Cloud NGFW rules into a CSV file and search for 0.0.0.0/0.

DRun Connectivity Tests from multiple external sources to confirm that traffic is not allowed to ingress to your most critical services in Google Cloud.

0 / 1500

Question 5

You are deploying an HA VPN within Google Cloud. You need to exchange routes dynamically between your on-premises gateway and Google Cloud. You have already created an HA VPN gateway and a peer VPN gateway resource. What should you do?

ACreate a Cloud Router, add VPN tunnels, and then configure BGP sessions.

BCreate a second HA VPN gateway, add VPN tunnels, and enable global dynamic routing.

CCreate a Cloud Router, add VPN tunnels, and enable global dynamic routing.

DCreate a Cloud Router, add VPN tunnels, and then configure static routes to your subnet ranges.

Correct : A

To dynamically exchange routes between Google Cloud and your on-premises gateway, you need to create a Cloud Router and configure BGP sessions after adding VPN tunnels. BGP allows for dynamic route exchange, which is essential for establishing proper communication between the environments.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ACreate a Cloud Router, add VPN tunnels, and then configure BGP sessions.

BCreate a second HA VPN gateway, add VPN tunnels, and enable global dynamic routing.

CCreate a Cloud Router, add VPN tunnels, and enable global dynamic routing.

DCreate a Cloud Router, add VPN tunnels, and then configure static routes to your subnet ranges.

0 / 1500

Master Google Professional Cloud Network Engineer Exam with Reliable Practice Questions

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users: