Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Google
  5. PROFESSIONAL-CLOUD-NETWORK-ENGINEER

Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam
Professional Cloud Network Engineer (Page 8 )

Updated On: 11-Jan-2026
Page 8 of 51
PDF with 248 Questions

You are using a 10-Gbps direct peering connection to Google together with the gsutil tool to upload files to Cloud Storage buckets from on-premises servers. The on-premises servers are 100 milliseconds away from the Google peering point. You notice that your uploads are not using the full 10-Gbps bandwidth available to you. You want to optimize the bandwidth utilization of the connection.

What should you do on your on-premises servers?

  1. Tune TCP parameters on the on-premises servers.
  2. Compress files using utilities like tar to reduce the size of data being sent.
  3. Remove the -m flag from the gsutil command to enable single-threaded transfers.
  4. Use the perfdiag parameter in your gsutil command to enable faster performance: gsutil perfdiag gs://[BUCKET_NAME].

Answer(s): A



You work for a multinational enterprise that is moving to GCP.

These are the cloud requirements:

· An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary HQ) and us-east4 (backup) · Multiple regional offices in Europe and APAC
· Regional data processing is required in europe-west1 and australia-southeast1 · Centralized Network Administration Team

Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us-west1.

What should you do?

  1. · Create 2 VPCs in a Shared VPC Host Project.
    · Configure a 2-NIC instance in zone us-west1-a in the Host Project.
    · Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.
    · Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.
    · Deploy the instance.
    · Configure the necessary routes and firewall rules to pass traffic through the instance.
  2. · Create 2 VPCs in a Shared VPC Host Project.
    · Configure a 2-NIC instance in zone us-west1-a in the Service Project.
    · Attach NIC0 in VPC #1 us-west1 subnet of the Host Project.
    · Attach NIC1 in VPC #2 us-west1 subnet of the Host Project.
    · Deploy the instance.
    · Configure the necessary routes and firewall rules to pass traffic through the instance.
  3. · Create 1 VPC in a Shared VPC Host Project.
    · Configure a 2-NIC instance in zone us-west1-a in the Host Project.
    · Attach NIC0 in us-west1 subnet of the Host Project.
    · Attach NIC1 in us-west1 subnet of the Host Project
    · Deploy the instance.
    · Configure the necessary routes and firewall rules to pass traffic through the instance.
  4. · Create 1 VPC in a Shared VPC Service Project.
    · Configure a 2-NIC instance in zone us-west1-a in the Service Project.
    · Attach NIC0 in us-west1 subnet of the Service Project.
    · Attach NIC1 in us-west1 subnet of the Service Project
    · Deploy the instance.
    · Configure the necessary routes and firewall rules to pass traffic through the instance.

Answer(s): B



You are designing a Google Kubernetes Engine (GKE) cluster for your organization. The current cluster size is expected to host 10 nodes, with 20 Pods per node and 150 services. Because of the migration of new services over the next 2 years, there is a planned growth for 100 nodes, 200 Pods per node, and 1500 services. You want to use VPC-native clusters with alias IP ranges, while minimizing address consumption.

How should you design this topology?

  1. Create a subnet of size/25 with 2 secondary ranges of: /17 for Pods and /21 for Services. Create a VPC- native cluster and specify those ranges.
  2. Create a subnet of size/28 with 2 secondary ranges of: /24 for Pods and /24 for Services. Create a VPC- native cluster and specify those ranges.
    When the services are ready to be deployed, resize the subnets.
  3. Use gcloud container clusters create [CLUSTER NAME]--enable-ip-alias to create a VPC-native cluster.
  4. Use gcloud container clusters create [CLUSTER NAME] to create a VPC-native cluster.

Answer(s): A



Your company has recently expanded their EMEA-based operations into APAC. Globally distributed users report that their SMTP and IMAP services are slow. Your company requires end-to-end encryption, but you do not have access to the SSL certificates.

Which Google Cloud load balancer should you use?

  1. SSL proxy load balancer
  2. Network load balancer
  3. HTTPS load balancer
  4. TCP proxy load balancer

Answer(s): A


Reference:

https://cloud.google.com/security/encryption-in-transit/



Your company is working with a partner to provide a solution for a customer. Both your company and the partner organization are using GCP. There are applications in the partner's network that need access to some resources in your company's VPC. There is no CIDR overlap between the VPCs.

Which two solutions can you implement to achieve the desired results without compromising the security? (Choose two.)

  1. VPC peering
  2. Shared VPC
  3. Cloud VPN
  4. Dedicated Interconnect
  5. Cloud NAT

Answer(s): A,C



Viewing page 8 of 51
Viewing questions 36 - 40 out of 248 questions



Post your Comments and Discuss Google PROFESSIONAL-CLOUD-NETWORK-ENGINEER exam prep with other Community members:

PROFESSIONAL-CLOUD-NETWORK-ENGINEER Exam Discussions & Posts