Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Google
  5. PROFESSIONAL-CLOUD-NETWORK-ENGINEER

Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam
Professional Cloud Network Engineer (Page 4 )

Updated On: 11-Jan-2026
Page 4 of 51
PDF with 248 Questions

You are trying to update firewall rules in a shared VPC for which you have been assigned only Network Admin permissions. You cannot modify the firewall rules. Your organization requires using the least privilege necessary.

Which level of permissions should you request?

  1. Security Admin privileges from the Shared VPC Admin.
  2. Service Project Admin privileges from the Shared VPC Admin.
  3. Shared VPC Admin privileges from the Organization Admin.
  4. Organization Admin privileges from the Organization Admin.

Answer(s): A


Reference:

https://cloud.google.com/vpc/docs/shared-vpc



You want to create a service in GCP using IPv6.

What should you do?

  1. Create the instance with the designated IPv6 address.
  2. Configure a TCP Proxy with the designated IPv6 address.
  3. Configure a global load balancer with the designated IPv6 address.
  4. Configure an internal load balancer with the designated IPv6 address.

Answer(s): C



You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non BGP- capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices.

What should you do?

  1. · Create a Cloud VPN instance.
    · Create a policy-based VPN tunnel per subnet.
    · Configure the appropriate local and remote traffic selectors to match your local and remote networks.
    · Create the appropriate static routes.
  2. · Create a Cloud VPN instance.
    · Create a policy-based VPN tunnel.
    · Configure the appropriate local and remote traffic selectors to match your local and remote networks.
    · Configure the appropriate static routes.
  3. · Create a Cloud VPN instance.
    · Create a route-based VPN tunnel.
    · Configure the appropriate local and remote traffic selectors to match your local and remote networks.
    · Configure the appropriate static routes.
  4. · Create a Cloud VPN instance.
    · Create a route-based VPN tunnel.
    · Configure the appropriate local and remote traffic selectors to 0.0.0.0/0.
    · Configure the appropriate static routes.

Answer(s): D


Reference:

https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing



Your company just completed the acquisition of Altostrat (a current GCP customer). Each company has a separate organization in GCP and has implemented a custom DNS solution. Each organization will retain its current domain and host names until after a full transition and architectural review is done in one year. These are the assumptions for both GCP environments.

· Each organization has enabled full connectivity between all of its projects by using Shared VPC. · Both organizations strictly use the 10.0.0.0/8 address space for their instances, except for bastion hosts (for accessing the instances) and load balancers for serving web traffic. · There are no prefix overlaps between the two organizations. · Both organizations already have firewall rules that allow all inbound and outbound traffic from the 10.0.0.0/8 address space.

· Neither organization has Interconnects to their on-premises environment.

You want to integrate networking and DNS infrastructure of both organizations as quickly as possible and with minimal downtime.

Which two steps should you take? (Choose two.)

  1. Provision Cloud Interconnect to connect both organizations together.
  2. Set up some variant of DNS forwarding and zone transfers in each organization.
  3. Connect VPCs in both organizations using Cloud VPN together with Cloud Router.
  4. Use Cloud DNS to create A records of all VMs and resources across all projects in both organizations.
  5. Create a third organization with a new host project, and attach all projects from your company and Altostrat to it using shared VPC.

Answer(s): B,C



Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.

During troubleshooting you find:

· Each on-premises router is configured with a unique ASN.
· Each on-premises router is configured with the same routes and priorities. · Both on-premises routers are configured with a VPN connected to a single Cloud Router. · BGP sessions are established between both on-premises routers and the Cloud Router. · Only 1 of the on-premises router's routes are being added to the routing table.

What is the most likely cause of this problem?

  1. The on-premises routers are configured with the same routes.
  2. A firewall is blocking the traffic across the second VPN connection.
  3. You do not have a load balancer to load-balance the network traffic.
  4. The ASNs being used on the on-premises routers are different.

Answer(s): D



Viewing page 4 of 51
Viewing questions 16 - 20 out of 248 questions



Post your Comments and Discuss Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER exam prep with other Community members:

PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam Discussions & Posts