Pre-Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Login / Register

Google Cloud Certified - Professional Cloud Network Engineer

Last Update 6 hours ago Total Questions : 233

The Google Cloud Certified - Professional Cloud Network Engineer content is now fully updated, with all current exam questions added 6 hours ago. Deciding to include Professional-Cloud-Network-Engineer practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our Professional-Cloud-Network-Engineer exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these Professional-Cloud-Network-Engineer sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Google Cloud Certified - Professional Cloud Network Engineer practice test comfortably within the allotted time.

Question # 41

You want to use Cloud Interconnect to connect your on-premises network to a GCP VPC. You cannot meet Google at one of its point-of-presence (POP) locations, and your on-premises router cannot run a Border Gateway Protocol (BGP) configuration.

Which connectivity model should you use?

A.

Direct Peering

B.

Dedicated Interconnect

C.

Partner Interconnect with a layer 2 partner

D.

Partner Interconnect with a layer 3 partner

Question # 42

You need to configure the Border Gateway Protocol (BGP) session for a VPN tunnel you just created between two Google Cloud VPCs, 10.1.0.0/16 and 172.16.0.0/16. You have a Cloud Router (router-1) in the 10.1.0.0/16 network and a second Cloud Router (router-2) in the 172.16.0.0/16 network. Which configuration should you use for the BGP session?

A.

B.

C.

D.

Question # 43

You are the Organization Admin for your company. One of your engineers is responsible for setting up multiple host projects across multiple folders and sharing subnets with service projects. You need to enable the engineer's Identity and Access Management (IAM) configuration to complete their task in the fewest number of steps. What should you do?

A.

Set up the engineer with Compute Shared VPC Admin IAM role at the folder level.

B.

Set up the engineer with Compute Shared VPC Admin IAM role at the organization level.

C.

Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the folder level.

D.

Set up the engineer with Compute Shared VPC Admin IAM role and Project IAM Admin role at the organization level.

Question # 44

You are configuring your Google Cloud environment to connect to your on-premises network. Your configuration must be able to reach Cloud Storage APIs and your Google Kubernetes Engine nodes across your private Cloud Interconnect network. You have already configured a Cloud Router with your Interconnect VLAN attachments. You now need to set up the appropriate router advertisement configuration on the Cloud Router. What should you do?

A.

Configure the route advertisement to the default setting.

B.

On the on-premises router, configure a static route for the storage API virtual IP address which points to the Cloud Router's link-local IP address.

C.

Configure the route advertisement to the custom setting, and manually add prefix 199.36.153.8/30 to the list of advertisements. Leave all other options as their default settings.

D.

Configure the route advertisement to the custom setting, and manually add prefix 199.36.153.8/30 to the list of advertisements. Advertise all visible subnets to the Cloud Router.

Question # 45

You want to establish a dedicated connection to Google that can access Cloud SQL via a public IP address and that does not require a third-party service provider.

Which connection type should you choose?

A.

Carrier Peering

B.

Direct Peering

C.

Dedicated Interconnect

D.

Partner Interconnect

Question # 46

Question:

Your organization wants to seamlessly migrate a global external web application from Compute Engine to GKE. You need to deploy a simple, cloud-first solution that exposes both applications and sends 10% of the requests to the new application. What should you do?

A.

Configure a global external Application Load Balancer with a Service Extension that points to an application running in a VM, which controls which requests go to each application.

B.

Configure a global external Application Load Balancer with weighted traffic splitting.

C.

Configure two separate global external Application Load Balancers, and use Cloud DNS geolocation routing policies.

D.

Configure a global external Application Load Balancer with weighted request mirroring.

Question # 47

Question:

Your organization recently exposed a set of services through a global external Application Load Balancer. After conducting some testing, you observed that responses would intermittently yield a non-HTTP 200 response. You need to identify the error. What should you do? (Choose 2 answers)

A.

Access a VM in the VPC through SSH, and try to access a backend VM directly. If the request is successful from the VM, increase the quantity of backends.

B.

Enable and review the health check logs. Review the error responses in Cloud Logging.

C.

Validate the health of the backend service. Enable logging on the load balancer, and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.

D.

Delete the load balancer and backend services. Create a new passthrough Network Load Balancer. Configure a failover group of VMs for the backend.

E.

Validate the health of the backend service. Enable logging for the backend service, and identify the error response in Cloud Logging. Determine the cause of the error by reviewing the statusDetails log field.

Question # 48

Question:

Your organization has a hub and spoke architecture with VPC Network Peering, and hybrid connectivity is centralized at the hub. The Cloud Router in the hub VPC is advertising subnet routes, but the on-premises router does not appear to be receiving any subnet routes from the VPC spokes. You need to resolve this issue. What should you do?

A.

Create custom learned routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

B.

Create custom routes at the Cloud Router in the spokes to advertise the subnets of the VPC spokes.

C.

Create a BGP route policy at the Cloud Router, and ensure the subnets of the VPC spokes are being announced towards the on-premises environment.

D.

Create custom routes at the Cloud Router in the hub to advertise the subnets of the VPC spokes.

Question # 49

You are configuring the firewall endpoints as part of the Cloud Next Generation Firewall (Cloud NGFW) intrusion prevention service in Google Cloud. You have configured a threat prevention security profile, and you now need to create an endpoint for traffic inspection. What should you do?

A.

Create a Private Service Connect endpoint within the zone, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.

B.

Create a firewall endpoint within the region, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.

C.

Create a firewall endpoint within the zone, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.

D.

Attach the profile to the VPC network, create a firewall endpoint within the zone, and use a firewall policy rule to apply the L7 inspection.

Question # 50

Your company has just launched a new critical revenue-generating web application. You deployed the application for scalability using managed instance groups, autoscaling, and a network load balancer as frontend. One day, you notice severe bursty traffic that the caused autoscaling to reach the maximum number of instances, and users of your application cannot complete transactions. After an investigation, you think it as a DDOS attack. You want to quickly restore user access to your application and allow successful transactions while minimizing cost.

Which two steps should you take? (Choose two.)

A.

Use Cloud Armor to blacklist the attacker’s IP addresses.

B.

Increase the maximum autoscaling backend to accommodate the severe bursty traffic.

C.

Create a global HTTP(s) load balancer and move your application backend to this load balancer.

D.

Shut down the entire application in GCP for a few hours. The attack will stop when the application is offline.

E.

SSH into the backend compute engine instances, and view the auth logs and syslogs to further understand the nature of the attack.

Go to page:
Professional-Cloud-Network-Engineer PDF + Testing Engine
220-1201 pdf + testing engine
$154.49
$46.35 
220-1201 pdf + testing engine
  • Last Update: Apr 30, 2026
  • 233 Questions and Answers
  • Single Choice: 214 Q&A's
  • Multiple Choice: 19 Q&A's
 Add to Cart    View Detail

Related Google Certification Exams

Google Security-Operations-Engineer
Google Generative-AI-Leader
Google Chrome-Enterprise-Administrator
Google Google-Ads-Video
Google ChromeOS-Administrator
Google Professional-Cloud-Database-Engineer
Google Google-Workspace-Administrator
Google Looker-Business-Analyst
Google LookML-Developer
Google Cloud-Digital-Leader
Google Professional-Machine-Learning-Engineer
Google Associate-Android-Developer

New Release

CAIC Exam Questions
SRAN-Radio-Network-Performance-Optimization Exam Questions
Applied-Algebra Exam Questions
Foundations-of-Programming-Python Exam Questions
EDI101 Exam Questions
Drupal-Site-Builder Exam Questions
EX380 Exam Questions
EX432 Exam Questions
Workday-Pro-Benefits Exam Questions
NCP-MCI-7.5 Exam Questions
NCP-NS-7.5 Exam Questions
NCP-BC-7.5 Exam Questions
ASET-Ethics-Examination Exam Questions
Dynatrace-Associate Exam Questions
ITIL-5-Foundation Exam Questions