Most Recent Google Professional-Cloud-Network-Engineer Exam Questions & Answers

Prepare for the Google Professional Cloud Network Engineer exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Google Professional-Cloud-Network-Engineer exam and achieve success.

The questions for Professional-Cloud-Network-Engineer were last updated on Jan 18, 2025.

Viewing page 1 out of 43 pages.
Viewing questions 1-5 out of 215 questions

Get All 215 Questions & Answers

Question No. 1

Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.

How should you design the topology?

ACreate a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.

BCreate 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.

CCreate 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.

DCreate a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.

Show Answer

Correct Answer: C

https://cloud.google.com/vpc/docs/vpc-peering

Question No. 2

You are designing a Partner Interconnect hybrid cloud connectivity solution with geo-redundancy across two metropolitan areas. You want to follow Google-recommended practices to set up the following region/metro pairs:

(region 1/metro 1)

(region 2/metro 2)

What should you do?

ACreate a Cloud Router in region 1 with two VLAN attachments connected to metro1-zone1-x.
Create a Cloud Router in region 2 with two VLAN attachments connected to metro1-zone2-x.

BCreate a Cloud Router in region 1 with one VLAN attachment connected to metro1-zone1-x.
Create a Cloud Router in region 2 with two VLAN attachments connected to metro2-zone2-x.

CCreate a Cloud Router in region 1 with one VLAN attachment connected to metro1-zone2-x.
Create a Cloud Router in region 2 with one VLAN attachment connected to metro2-zone2-x.

DCreate a Cloud Router in region 1 with one VLAN attachment connected to metro1-zone1-x and one VLAN attachment connected to metro1-zone2-x.
Create a Cloud Router in region 2 with one VLAN attachment connected to metro2-zone1-x and one VLAN attachment to metro2-zone2-x.

Show Answer

Correct Answer: B

Question No. 3

Your organization has a new security policy that requires you to monitor all egress traffic payloads from your virtual machines in the us-west2 region. You deployed an intrusion detection system (IDS) virtual appliance in the same region to meet the new policy. You now need to integrate the IDS into the environment to monitor all egress traffic payloads from us-west2. What should you do?

AEnable firewall logging and forward all filtered egress firewall logs to the IDS.

BCreate an internal HTTP(S) load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.

CCreate an internal TCP/UDP load balancer for Packet Mirroring, and add a packet mirroring policy filter for egress traffic.

DEnable VPC Flow Logs. Create a sink in Cloud Logging to send filtered egress VPC Flow Logs to the IDS.

Show Answer

Correct Answer: C

Packet Mirroring with an internal TCP/UDP load balancer allows for comprehensive monitoring of egress traffic, which includes payloads. This is required for integration with an IDS for detailed inspection of traffic payloads, meeting the security policy needs for monitoring and detection.

Question No. 4

Your company has defined a resource hierarchy that includes a parent folder with subfolders for each department. Each department defines their respective project and VPC in the assigned folder and has the appropriate permissions to create Google Cloud firewall rules. The VPCs should not allow traffic to flow between them. You need to block all traffic from any source, including other VPCs, and delegate only the intra-VPC firewall rules to the respective departments. What should you do?

ACreate a VPC firewall rule in each VPC to block traffic from any source, with priority 0.

BCreate a VPC firewall rule in each VPC to block traffic from any source, with priority 1000.

CCreate two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to allow, and another lower-priority rule that blocks traffic from any other source.

DCreate two hierarchical firewall policies per department's folder with two rules in each: a high-priority rule that matches traffic from the private CIDRs assigned to the respective VPC and sets the action to goto_next, and another lower-priority rule that blocks traffic from any other source.

Show Answer

Correct Answer: B

Question No. 5

Your organization uses a hub-and-spoke architecture with critical Compute Engine instances in your Virtual Private Clouds (VPCs). You are responsible for the design of Cloud DNS in Google Cloud. You need to be able to resolve Cloud DNS private zones from your on-premises data center and enable on-premises name resolution from your hub-and-spoke VPC design. What should you do?

AConfigure a private DNS zone in the hub VPC, and configure DNS forwarding to the on-premises server.
Configure DNS peering from the spoke VPCs to the hub VPC.

BConfigure a DNS policy in the hub VPC to allow inbound query forwarding from the spoke VPCs.
Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.

CConfigure a DNS policy in the spoke VPCs, and configure your on-premises DNS as an alternate DNS server.
Configure the hub VPC with a private zone, and set up DNS peering to each of the spoke VPCs.

DConfigure a DNS policy in the hub VPC, and configure the on-premises DNS as an alternate DNS server.
Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.

Show Answer

Correct Answer: C

Unlock All Questions for Google Professional-Cloud-Network-Engineer Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 215 Questions & Answers