Free Google Professional-Cloud-Network-Engineer Exam Questions

Become Google Certified with updated Professional-Cloud-Network-Engineer exam questions and correct answers

Page: 1 / 47

Total 235 Questions | Updated On: Oct 29, 2025

Add To Cart

Question 1

You are creating an instance group and need to create a new health check for HTTP(s) load balancing. Which two methods can you use to accomplish this? (Choose two.)

A : Create a new health check using the gcloud command line tool.

B : Create a new health check using the VPC Network section in the GCP Console.

C : Create a new health check, or select an existing one, when you complete the load balancer’s backend configuration in the GCP Console.

D : Create a new legacy health check using the gcloud command line tool.

E : Create a new legacy health check using the Health checks section in the GCP Console.

Answer: A,C

Question 2

You want to apply a new Cloud Armor policy to an application that is deployed in Google Kubernetes Engine (GKE). You want to find out which target to use for your Cloud Armor policy. Which GKE resource should you use?

A : GKE Node

B : GKE Pod

C : GKE Cluster

D : GKE Ingress

Answer: D

Question 3

You are designing the network architecture for your organization. Your organization has three developer teams: Web, App, and Database. All of the developer teams require access to Compute Engine instances to perform their critical tasks. You are part of a small network and security team that needs to provide network access to the developers. You need to maintain centralized control over network resources, including subnets, routes, and firewalls. You want to minimize operational overhead. How should you design this topology?

A : Configure a host project with a Shared VPC. Create service projects for Web, App, and Database.

B : Configure one VPC for Web, one VPC for App, and one VPC for Database. Configure HA VPN between each VPC.

C : Configure three Shared VPC host projects, each with a service project: one for Web, one for App, and one for Database.

D : Configure one VPC for Web, one VPC for App, and one VPC for Database. Use VPC Network Peering to connect all VPCs in a full mesh.

Answer: C

Question 4

You are configuring the firewall endpoints as part of the Cloud Next Generation Firewall (Cloud NGFW) intrusion prevention service in Google Cloud. You have configured a threat prevention security profile, and you now need to create an endpoint for traffic inspection. What should you do?

A : Attach the profile to the VPC network, create a firewall endpoint within the zone, and use a firewall policy rule to apply the L7 inspection.

B : Create a firewall endpoint within the zone, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.

C : Create a firewall endpoint within the region, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.

D : Create a Private Service Connect endpoint within the zone, associate the endpoint to the VPC network, and use a firewall policy rule to apply the L7 inspection.

Answer: C

Question 5

You are configuring load balancing for a standard three-tier (web, application, and database) application. You have configured an external HTTP(S) load balancer for the web servers. You need to configure load balancing for the application tier of servers. What should you do?

A : Configure a forwarding rule on the existing load balancer for the application tier.

B : Configure equal cost multi-path routing on the application servers.

C : Configure a new internal HTTP(S) load balancer for the application tier.

D : Configure a URL map on the existing load balancer to route traffic to the application tier.

Answer: A

Page: 1 / 47

Total 235 Questions | Updated On: Oct 29, 2025

Add To Cart