Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam
Professional Cloud Network Engineer (Page 7)

Updated On: 11-Jan-2026

You have an application running on Compute Engine that uses BigQuery to generate some results that are stored in Cloud Storage. You want to ensure that none of the application instances have external IP addresses.

Which two methods can you use to accomplish this? (Choose two.)

  A. Enable Private Google Access on all the subnets.
  B. Enable Private Google Access on the VPC.
  C. Enable Private Services Access on the VPC.
  D. Create network peering between your VPC and BigQuery.
  E. Create a Cloud NAT, and route the application traffic via NAT gateway.

Answer(s): A,E



You are designing a shared VPC architecture. Your network and security team has strict controls over which routes are exposed between departments. Your Production and Staging departments can communicate with each other, but only via specific networks. You want to follow Google-recommended practices.

How should you design this topology?

  A. Create 2 shared VPCs within the shared VPC Host Project, and enable VPC peering between them. Use firewall rules to filter access between the specific networks.
  B. Create 2 shared VPCs within the shared VPC Host Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
  C. Create 2 shared VPCs within the shared VPC Service Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
  D. Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks.

Answer(s): D


Reference:

https://cloud.google.com/vpc/docs/shared-vpc



You are adding steps to a working automation that uses a service account to authenticate. You need to give the automation the ability to retrieve files from a Cloud Storage bucket. Your organization requires using the least privilege possible.

What should you do?

  A. Grant the compute.instanceAdmin to your user account.
  B. Grant the iam.serviceAccountUser to your user account.
  C. Grant the read-only privilege to the service account for the Cloud Storage bucket.
  D. Grant the cloud-platform privilege to the service account for the Cloud Storage bucket.

Answer(s): C



You converted an auto mode VPC network to custom mode. Since the conversion, some of your Cloud Deployment Manager templates are no longer working. You want to resolve the problem.

What should you do?

  A. Apply an additional IAM role to the Google APIs service account to allow custom mode networks.
  B. Update the VPC firewall to allow the Cloud Deployment Manager to access the custom mode networks.
  C. Explicitly reference the custom mode networks in the Cloud Armor whitelist.
  D. Explicitly reference the custom mode networks in the Deployment Manager templates.

Answer(s): D



You have recently been put in charge of managing identity and access management for your organization. You have several projects and want to use scripting and automation wherever possible. You want to grant the editor role to a project member.

Which two methods can you use to accomplish this? (Choose two.)

  A. GetIamPolicy() via REST API
  B. SetIamPolicy() via REST API
  C. gcloud pubsub add-iam-policy-binding $projectname --member user:$username --role roles/editor
  D. gcloud projects add-iam-policy-binding $projectname --member user:$username --role roles/editor
  E. Enter an email address in the Add members field, and select the desired role from the drop-down menu in the GCP Console.

Answer(s): D,E


Reference:

https://cloud.google.com/iam/docs/granting-changing-revoking-access


