DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Professional Cloud Network Engineer Certification Pracatice Questions & Mock Tests, Google Professional Cloud Network Engineer | SPOTO

Prepare effectively for the Professional Cloud Network Engineer certification exam with our comprehensive collection of practice questions and mock tests. As a Professional Cloud Network Engineer, you'll need to implement and manage network architectures in Google Cloud proficiently. Our practice tests cover essential topics such as network services, application and container networking, hybrid and multi-cloud connectivity, VPC implementation, and security measures. With detailed explanations and answers provided, you'll gain a solid understanding of the concepts required for successful cloud implementations. Utilize our exam simulator to simulate real exam conditions and assess your readiness. Trust SPOTO for high-quality practice tests and expert guidance to excel in your Professional Cloud Network Engineer certification journey.
Take other online exams

Question #1
You want to deploy a VPN Gateway to connect your on-premises network to GCP. You are using a non BGP-capable on-premises VPN device. You want to minimize downtime and operational overhead when your network grows. The device supports only IKEv2, and you want to follow Google-recommended practices. What should you do?
A. • Create a Cloud VPN instance
View answer
Correct Answer: B
Question #2
Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead. How should you design the topology?
A. Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments
B. Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs
C. Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs
D. Create a single project, and deploy specific firewall rules
View answer
Correct Answer: D
Question #3
You have created an HTTP(S) load balanced service. You need to verify that your backend instances are responding properly. How should you configure the health check?
A. Set request-path to a specific URL used for health checking, and set proxy-header to PROXY_V1
B. Set request-path to a specific URL used for health checking, and set host to include a custom host header that identifies the health check
C. Set request-path to a specific URL used for health checking, and set response to a string that the backend service will always return in the response body
D. Set proxy-header to the default value, and set host to include a custom host header that identifies the health check
View answer
Correct Answer: B
Question #4
You created a VPC network named Retail in auto mode. You want to create a VPC network named Distribution and peer it with the Retail VPC. How should you configure the Distribution VPC?
A. Create the Distribution VPC in auto mode
B. Create the Distribution VPC in custom mode
C. Create the Distribution VPC in custom mode
D. Rename the default VPC as "Distribution" and peer it via network peering
View answer
Correct Answer: A
Question #5
You have deployed a new internal application that provides HTTP and TFTP services to on-premises hosts. You want to be able to distribute traffic across multiple Compute Engine instances, but need to ensure that clients are sticky to a particular instance across both services. Which session affinity should you choose?
A. None
B. Client IP
C. Client IP and protocol
D. Client IP, port and protocol
View answer
Correct Answer: CE
Question #6
You decide to set up Cloud NAT. After completing the configuration, you find that one of your instances is not using the Cloud NAT for outbound NAT. What is the most likely cause of this problem?
A. The instance has been configured with multiple interfaces
B. An external IP address has been configured on the instance
C. You have created static routes that use RFC1918 ranges
D. The instance is accessible by a load balancer external IP address
View answer
Correct Answer: D
Question #7
You need to give each member of your network operations team least-privilege access to create, modify, and delete Cloud Interconnect VLAN attachments. What should you do?
A. Assign each user the editor role
B. Assign each user the compute
C. Give each user the following permissions only: compute
D. Give each user the following permissions only: compute
View answer
Correct Answer: C
Question #8
You need to restrict access to your Google Cloud load-balanced application so that only specific IP addresses can connect. What should you do?
A. Create a secure perimeter using the Access Context Manager feature of VPC Service Controls and restrict access to the source IP range of the allowed clients and Google health check IP ranges
B. Create a secure perimeter using VPC Service Controls, and mark the load balancer as a service restricted to the source IP range of the allowed clients and Google health check IP ranges
C. Tag the backend instances "application," and create a firewall rule with target tag "application" and the source IP range of the allowed clients and Google health check IP ranges
D. Label the backend instances "application," and create a firewall rule with the target label "application" and the source IP range of the allowed clients and Google health check IP ranges
View answer
Correct Answer: C
Question #9
You created a new VPC network named Dev with a single subnet. You added a firewall rule for the network Dev to allow HTTP traffic only and enabled logging. When you try to log in to an instance in the subnet via Remote Desktop Protocol, the login fails. You look for the Firewall rules logs in Stackdriver Logging, but you do not see any entries for blocked traffic. You want to see the logs for blocked traffic. What should you do?
A. Check the VPC flow logs for the instance
B. Try connecting to the instance via SSH, and check the logs
C. Create a new firewall rule to allow traffic from port 22, and enable logs
D. Create a new firewall rule with priority 65500 to deny all traffic, and enable logs
View answer
Correct Answer: B
Question #10
In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet. What should you do?
A. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag
B. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A
C. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A
D. Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network
View answer
Correct Answer: B
Question #11
Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being loadbalanced across the 2 connections as desired. During troubleshooting you find: • Each on-premises router is configured with a unique ASN. • Each on-premises router is configured with the same routes and priorities. • Both on-premises routers are configured with a VPN connecte
A. The on-premises routers are configured with the same routes
B. A firewall is blocking the traffic across the second VPN connection
C. You do not have a load balancer to load-balance the network traffic
D. The ASNs being used on the on-premises routers are different
View answer
Correct Answer: A
Question #12
Your company offers a popular gaming service. Your instances are deployed with private IP addresses, and external access is granted through a global load balancer. You believe you have identified a potential malicious actor, but aren't certain you have the correct client IP address. You want to identify this actor while minimizing disruption to your legitimate users. What should you do?
A. Create a Cloud Armor Policy rule that denies traffic and review necessary logs
B. Create a Cloud Armor Policy rule that denies traffic, enable preview mode, and review necessary logs
C. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to disabled, and review necessary logs
D. Create a VPC Firewall rule that denies traffic, enable logging and set enforcement to enabled, and review necessary logs
View answer
Correct Answer: A
Question #13
You are using a third-party next-generation firewall to inspect traffic. You created a custom route of 0.0.0.0/0 to route egress traffic to the firewall. You want to allow your VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs, without sending the traffic through the firewall. Which two actions should you take? (Choose two.)
A. Turn on Private Google Access at the subnet level
B. Turn on Private Google Access at the VPC level
C. Turn on Private Services Access at the VPC level
D. Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway
E. Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway
View answer
Correct Answer: C
Question #14
Your company's web server administrator is migrating on-premises backend servers for an application to GCP. Libraries and configurations differ significantly across these backend servers. The migration to GCP will be lift-and-shift, and all requests to the servers will be served by a single network load balancer frontend. You want to use a GCP-native solution when possible. How should you deploy this service in GCP?
A. Create a managed instance group from one of the images of the on-premises servers, and link this instance group to a target pool behind your load balancer
B. Create a target pool, add all backend instances to this target pool, and deploy the target pool behind your load balancer
C. Deploy a third-party virtual appliance as frontend to these servers that will accommodate the significant differences between these backend servers
D. Use GCP's ECMP capability to load-balance traffic to the backend servers by installing multiple equal-priority static routes to the backend servers
View answer
Correct Answer: C

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: