Pre-Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Login / Register

Google Cloud Certified - Professional Cloud Network Engineer

Last Update 6 hours ago Total Questions : 233

The Google Cloud Certified - Professional Cloud Network Engineer content is now fully updated, with all current exam questions added 6 hours ago. Deciding to include Professional-Cloud-Network-Engineer practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our Professional-Cloud-Network-Engineer exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these Professional-Cloud-Network-Engineer sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Google Cloud Certified - Professional Cloud Network Engineer practice test comfortably within the allotted time.

Question # 51

Your on-premises data center has 2 routers connected to your GCP through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.

During troubleshooting you find:

•Each on-premises router is configured with the same ASN.

•Each on-premises router is configured with the same routes and priorities.

•Both on-premises routers are configured with a VPN connected to a single Cloud Router.

•The VPN logs have no-proposal-chosen lines when the VPNs are connecting.

•BGP session is not established between one on-premises router and the Cloud Router.

What is the most likely cause of this problem?

A.

One of the VPN sessions is configured incorrectly.

B.

A firewall is blocking the traffic across the second VPN connection.

C.

You do not have a load balancer to load-balance the network traffic.

D.

BGP sessions are not established between both on-premises routers and the Cloud Router.

Question # 52

You are designing a new application that has backends internally exposed on port 800. The application will be exposed externally using both IPv4 and IPv6 via TCP on port 700. You want to ensure high availability for this application. What should you do?

A.

Create a network load balancer that used backend services containing one instance group with two instances.

B.

Create a network load balancer that uses a target pool backend with two instances.

C.

Create a TCP proxy that uses a zonal network endpoint group containing one instance.

D.

Create a TCP proxy that uses backend services containing an instance group with two instances.

Question # 53

Your on-premises data center has 2 routers connected to your Google Cloud environment through a VPN on each router. All applications are working correctly; however, all of the traffic is passing across a single VPN instead of being load-balanced across the 2 connections as desired.

During troubleshooting you find:

• Each on-premises router is configured with a unique ASN.

• Each on-premises router is configured with the same routes and priorities.

• Both on-premises routers are configured with a VPN connected to a single Cloud Router.

• BGP sessions are established between both on-premises routers and the Cloud Router.

• Only 1 of the on-premises router’s routes are being added to the routing table.

What is the most likely cause of this problem?

A.

The on-premises routers are configured with the same routes.

B.

A firewall is blocking the traffic across the second VPN connection.

C.

You do not have a load balancer to load-balance the network traffic.

D.

The ASNs being used on the on-premises routers are different.

Question # 54

You successfully provisioned a single Dedicated Interconnect. The physical connection is at a colocation facility closest to us-west2. Seventy-five percent of your workloads are in us-east4, and the remaining twenty-five percent of your workloads are in us-central1. All workloads have the same network traffic profile. You need to minimize data transfer costs when deploying VLAN attachments. What should you do?

A.

Keep the existing Dedicated interconnect. Deploy a VLAN attachment to a Cloud Router in us-west2, and use VPC global routing to access workloads in us-east4 and us-central1.

B.

Keep the existing Dedicated Interconnect. Deploy a VLAN attachment to a Cloud Router in us-east4, and deploy another VLAN attachment to a Cloud Router in us-central1.

C.

Order a new Dedicated Interconnect for a colocation facility closest to us-east4, and use VPC global routing to access workloads in us-central1.

D.

Order a new Dedicated Interconnect for a colocation facility closest to us-central1, and use VPC global routing to access workloads in us-east4.

Question # 55

You need to configure a Google Kubernetes Engine (GKE) cluster. The initial deployment should have 5 nodes with the potential to scale to 10 nodes. The maximum number of Pods per node is 8. The number of services could grow from 100 to up to 1024. How should you design the IP schema to optimally meet this requirement?

A.

Configure a /28 primary IP address range for the node IP addresses. Configure a (25 secondary IP range for the Pods. Configure a /22 secondary IP range for the Services.

B.

Configure a /28 primary IP address range for the node IP addresses. Configure a /25 secondary IP range for the Pods. Configure a /21 secondary IP range for the Services.

C.

Configure a /28 primary IP address range for the node IP addresses. Configure a /28 secondary IP range for the Pods. Configure a /21 secondary IP range for the Services.

D.

Configure a /28 primary IP address range for the node IP addresses. Configure a /24 secondary IP range for the Pads. Configure a /22 secondary IP range for the Services.

Question # 56

Your team is developing an application that will be used by consumers all over the world. Currently, the application sits behind a global external application load balancer You need to protect the application from potential application-level attacks. What should you do?

A.

Enable Cloud CDN on the backend service.

B.

Create multiple firewall deny rules to block malicious users, and apply them to the global external application load balancer

C.

Create a Google Cloud Armor security policy with web application firewall rules, and apply the security policy to the backend service.

D.

Create a VPC Service Controls perimeter with the global external application load balancer as the protected service, and apply it to the backend service

Question # 57

You are creating a new application and require access to Cloud SQL from VPC instances without public IP addresses.

Which two actions should you take? (Choose two.)

A.

Activate the Service Networking API in your project.

B.

Activate the Cloud Datastore API in your project.

C.

Create a private connection to a service producer.

D.

Create a custom static route to allow the traffic to reach the Cloud SQL API.

E.

Enable Private Google Access.

Question # 58

Your company has provisioned 2000 virtual machines (VMs) in the private subnet of your Virtual Private Cloud (VPC) in the us-east1 region. You need to configure each VM to have a minimum of 128 TCP connections to a public repository so that users can download software updates and packages over the internet. You need to implement a Cloud NAT gateway so that the VMs are able to perform outbound NAT to the internet. You must ensure that all VMs can simultaneously connect to the public repository and download software updates and packages. Which two methods can you use to accomplish this? (Choose two.)

A.

Configure the NAT gateway in manual allocation mode, allocate 2 NAT IP addresses, and update the minimum number of ports per VM to 256.

B.

Create a second Cloud NAT gateway with the default minimum number of ports configured per VM to 64.

C.

Use the default Cloud NAT gateway's NAT proxy to dynamically scale using a single NAT IP address.

D.

Use the default Cloud NAT gateway to automatically scale to the required number of NAT IP addresses, and update the minimum number of ports per VM to 128.

E.

Configure the NAT gateway in manual allocation mode, allocate 4 NAT IP addresses, and update the minimum number of ports per VM to 128.

Question # 59

Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.

How should you design the topology?

A.

Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.

B.

Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.

C.

Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.

D.

Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.

Question # 60

You are designing a hybrid cloud environment for your organization. Your Google Cloud environment is interconnected with your on-premises network using Cloud HA VPN and Cloud Router. The Cloud Router is configured with the default settings. Your on-premises DNS server is located at 192.168.20.88 and is protected by a firewall, and your Compute Engine resources are located at 10.204.0.0/24. Your Compute Engine resources need to resolve on-premises private hostnames using the domain corp.altostrat.com while still resolving Google Cloud hostnames. You want to follow Google-recommended practices. What should you do?

A.

Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88.

Configure your on-premises firewall to accept traffic from 10.204.0.0/24.

Set a custom route advertisement on the Cloud Router for 10.204.0.0/24

B.

Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168 20.88.

Configure your on-premises firewall to accept traffic from 35.199.192.0/19

Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.

C.

Create a private forwarding zone in Cloud DNS for ‘corp .altostrat.com’ called corp-altostrat-com that points to 192.168.20.88.

Configure your on-premises firewall to accept traffic from 10.204.0.0/24.

Modify the /etc/resolv conf file on your Compute Engine instances to point to 192.168.20 88

D.

Create a private zone in Cloud DNS for ‘corp altostrat.com’ called corp-altostrat-com.

Configure DNS Server Policies and create a policy with Alternate DNS servers to 192.168.20.88.

Configure your on-premises firewall to accept traffic from 35.199.192.0/19.

Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.

Go to page:
Professional-Cloud-Network-Engineer PDF + Testing Engine
220-1201 pdf + testing engine
$154.49
$46.35 
220-1201 pdf + testing engine
  • Last Update: Apr 30, 2026
  • 233 Questions and Answers
  • Single Choice: 214 Q&A's
  • Multiple Choice: 19 Q&A's
 Add to Cart    View Detail

Related Google Certification Exams

Google Security-Operations-Engineer
Google Generative-AI-Leader
Google Chrome-Enterprise-Administrator
Google Google-Ads-Video
Google ChromeOS-Administrator
Google Professional-Cloud-Database-Engineer
Google Google-Workspace-Administrator
Google Looker-Business-Analyst
Google LookML-Developer
Google Cloud-Digital-Leader
Google Professional-Machine-Learning-Engineer
Google Associate-Android-Developer

New Release

CAIC Exam Questions
SRAN-Radio-Network-Performance-Optimization Exam Questions
Applied-Algebra Exam Questions
Foundations-of-Programming-Python Exam Questions
EDI101 Exam Questions
Drupal-Site-Builder Exam Questions
EX380 Exam Questions
EX432 Exam Questions
Workday-Pro-Benefits Exam Questions
NCP-MCI-7.5 Exam Questions
NCP-NS-7.5 Exam Questions
NCP-BC-7.5 Exam Questions
ASET-Ethics-Examination Exam Questions
Dynatrace-Associate Exam Questions
ITIL-5-Foundation Exam Questions