Practice PCNE Managing, Monitoring, and Optimising Network Operations questions with full explanations on every answer.
Start practicing
Managing, Monitoring, and Optimising Network Operations — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A network engineer needs to verify that traffic from a specific Compute Engine instance can reach a Cloud SQL database in a different VPC. Which Google Cloud tool should be used to test this reachability?
2A company wants to analyze VPC Flow Logs to understand which external IPs are generating the most outbound traffic. What is the most scalable way to store and query these logs?
3An engineer notices that VPC Flow Logs are enabling on a subnet but only a fraction of traffic is logged. What is the most likely cause?
4Which Network Intelligence Center tool provides a visual representation of your VPC network, including instances, subnets, firewall rules, and routes?
5A company has two VPCs connected via VPC Network Peering. Traffic from an instance in VPC A to an instance in VPC B is failing. Connectivity Tests show that the expected route exists and firewall rules allow the traffic. What is a possible cause?
6A security team wants to capture all traffic from a Compute Engine instance for intrusion detection. Which service should be used to copy traffic to a third-party IDS appliance running on another instance?
7An engineer is troubleshooting high latency between a Compute Engine instance in us-central1 and an instance in europe-west1. Which tool can show per-region latency and packet loss?
8A company is using Cloud NAT for outbound traffic. They want to log when a connection fails due to resource exhaustion. Which logging feature should be enabled?
9An organization needs to reduce egress costs for a global application serving users worldwide. The application serves static content from Compute Engine instances. Which action is most cost-effective?
10What is the default MTU for packets sent between VMs within the same VPC network in Google Cloud?
11A network engineer has set up a Cloud Router with BGP for an HA VPN. The BGP session is flapping. Which log should be examined to diagnose the issue?
12A company wants to analyze firewall rule effectiveness by identifying rules that are never hit or are shadowed. Which Network Intelligence Center tool should be used?
13A security engineer wants to monitor and analyze traffic to a load-balanced web application. Which TWO services can provide detailed logs of HTTP requests and responses?
14A company is experiencing a BGP session flap between Cloud Router and an on-premises router. Which THREE actions should the engineer take to diagnose the issue?
15A company wants to reduce outbound data transfer costs from Compute Engine to the internet. Which TWO strategies are effective?
16A network engineer wants to test reachability between a Compute Engine instance in VPC A and a Cloud SQL instance in VPC B, which are connected via VPC peering. Which Google Cloud tool should be used to check if firewall rules or routes are blocking traffic?
17A company has enabled VPC Flow Logs on a subnet with the default sample rate. They notice that only 50% of flows are being logged. What is the most likely reason?
18An organization has a VPC with multiple subnets and Cloud NAT configured for outbound internet access. They need to analyze which instances are using the most egress bandwidth to optimize costs. Which approach is most effective?
19A network engineer wants to capture all network traffic from a set of Compute Engine instances for security monitoring by an IDS appliance. Which Google Cloud service should be used?
20An organization is using Cloud CDN to deliver content globally. Which of the following is a primary benefit of using Cloud CDN?
21A company has a VPC with a Cloud Router using BGP to advertise prefixes to an on-premises network. The BGP session keeps flapping. What is a likely cause?
22A company wants to reduce egress costs for traffic going to Google APIs (e.g., Cloud Storage, BigQuery) from Compute Engine instances. Which configuration should they use?
23An engineer is troubleshooting asymmetric routing between two VPCs connected via VPC peering. They notice that return traffic takes a different path. What is a common cause of asymmetric routing in this scenario?
24A company wants to analyze HTTP load balancer access logs to understand user behavior and traffic patterns. Which approach is recommended for long-term analysis and querying?
25An organization has a project with multiple VPCs. They need to know the maximum number of firewall rules allowed per VPC. Where should they look?
26A company is using a global external HTTP(S) load balancer to serve traffic from multiple regions. They notice high egress costs for traffic served to users in Asia. What change could reduce costs?
27A network engineer is using Connectivity Tests to diagnose a reachability issue between two instances in the same VPC but different subnets. The test indicates that traffic is denied by firewall rules. However, the engineer cannot find any firewall rule denying the traffic. What is a possible explanation?
28A company wants to audit firewall rules for security best practices. They need to identify overly permissive rules (e.g., allowing all traffic from 0.0.0.0/0) and rules that are never used. Which two Google Cloud tools can help? (Choose two.)
29A company uses Cloud NAT for outbound internet access from private instances. They want to monitor for connection failures due to NAT resource exhaustion. Which two steps should they take? (Choose two.)
30A company is experiencing packet loss between two Compute Engine instances in different zones within the same region. They suspect MTU issues. Which three actions should they take to diagnose and resolve? (Choose three.)
31A network engineer wants to test whether a Compute Engine VM can reach a Cloud SQL instance in a different VPC network, considering firewall rules and VPC peering. Which Google Cloud tool should they use?
32A company has deployed a global HTTP Load Balancer with Cloud CDN to serve content to users worldwide. They notice high egress costs from the origin region. What is the most cost-effective solution to reduce egress from the origin?
33An engineer notices that some packets sent from a Compute Engine VM in GCP to an on-premises server via a VPN tunnel are being fragmented. The on-premises server is not receiving the fragmented packets. What is the most likely cause?
34A security team needs to capture all traffic to and from a specific Compute Engine instance for forensic analysis. They want to send the mirrored traffic to a third-party IDS appliance running on a separate VM in the same VPC. Which GCP feature should they use, and what is a key consideration?
35A company is using VPC Flow Logs to analyze traffic patterns. They need to reduce the volume of logs by approximately 75% while still capturing representative data for troubleshooting. What is the most effective configuration change?
36An organization has multiple VPC networks in a project and wants to centrally manage firewall rules across all networks using a single set of rules. Which approach should they take?
37A network engineer wants to see a real-time graphical representation of the topology of their VPC network, including instances, subnets, and load balancers. Which Network Intelligence Center tool should they use?
38A company has two VPC networks connected via VPC peering. They notice asymmetric routing: traffic from Network A to Network B follows one path, but return traffic from B to A takes a different path. This is causing connectivity issues for stateful firewalls. What is the likely cause?
39A developer wants to log all denied firewall rule events for security auditing purposes. What is the simplest way to achieve this without modifying existing firewall rules?
40An organization runs a web application on Compute Engine behind a regional external HTTP(S) load balancer. They need to log HTTP request details (e.g., user-agent, status codes) to BigQuery for analysis. Which logging feature should they enable?
41A company is hitting the quota for number of firewall rules per VPC network. They need to add more rules without requesting a quota increase. Which approach can reduce the number of rules?
42A network engineer is troubleshooting BGP session flaps between a Cloud Router and an on-premises router. The Cloud Router logs show that the session goes down and up repeatedly every few minutes. What is the most common cause of such flapping?
43A company is designing a multi-region application on GCP and wants to optimize egress costs. Which TWO of the following strategies will reduce cross-region egress costs? (Choose two.)
44A security engineer needs to identify overly permissive firewall rules and shadowed rules (rules that never match because a higher priority rule overrides them). Which TWO Network Intelligence Center tools can help? (Choose two.)
45A company is experiencing periodic packet loss between two Compute Engine instances in the same region but different zones. They have enabled VPC Flow Logs and see that the flows are marked with 'RTT' latency. Which THREE actions should they take to diagnose the issue? (Choose three.)
46A network engineer wants to test whether a VM in VPC A can reach a VM in VPC B that is connected via VPC peering. The engineer suspects that firewall rules or routes are blocking traffic. Which Google Cloud service should they use to test the path and identify the blocking rule?
47A company is using Cloud NAT to allow private VMs to access the internet. They want to troubleshoot connectivity failures and analyze connection attempts that were dropped due to NAT resource exhaustion. What should they enable?
48An organization has a global web application deployed behind an External HTTPS Load Balancer. They want to reduce egress costs for users in Europe who are served from the same region. The application is already using Cloud CDN. Which additional action will MOST effectively reduce egress costs for these users?
49A network engineer notices asymmetric routing between two VPCs connected via VPC peering. Traffic from VPC A to VPC B flows correctly, but return traffic from VPC B to VPC A drops. What is the most likely cause?
50A company wants to analyze VPC Flow Logs to identify the top talkers (source IPs) generating the most traffic to their web servers. They have enabled VPC Flow Logs on the subnet. Where should they export the logs for cost-effective querying and analysis?
51An organization has a VPC with several subnets and wants to monitor firewall rule usage to identify rules that are overly permissive (e.g., allowing all traffic from 0.0.0.0/0). Which Google Cloud service provides this insight?
52A company uses an external HTTP Load Balancer with Cloud Armor. They want to log all requests that are blocked by Cloud Armor security policies for compliance auditing. What should they enable?
53A network engineer is troubleshooting connectivity issues between two Compute Engine instances in the same VPC but different subnets (us-east1 and europe-west1). The engineer suspects an MTU issue. What is the default MTU for traffic within Google Cloud, and what MTU should the engineer expect when packets traverse the internet?
54An organization wants to mirror all traffic from a set of Compute Engine instances to a third-party IDS appliance running on a separate instance in the same VPC. The IDS appliance must receive a copy of both ingress and egress traffic without impacting production traffic. Which Google Cloud service should they use?
55A company has a VPC with 200 custom routes and wants to set up VPC peering with another VPC. The VPC peering quota limits the number of routes per VPC. What should the engineer do to avoid hitting the quota?
56A network engineer is investigating packet loss between two GCP regions using the Performance Dashboard. The dashboard shows high packet loss but no corresponding latency increase. What is the most likely cause of this packet loss?
57A developer wants to enable VPC Flow Logs on a subnet to capture metadata about IP traffic. They want to reduce costs by logging only a sample of traffic. What is the default sampling rate for VPC Flow Logs?
58A security team wants to capture and analyze all DNS queries from their Compute Engine instances to detect potential data exfiltration. They have enabled VPC Flow Logs. Which TWO additional steps should they take to capture DNS query details?
59A company is using Cloud Router with BGP for connectivity to an on-premises network via Partner Interconnect. The BGP session is flapping. Which THREE actions should the engineer take to diagnose the issue?
60A company wants to optimize costs for egress traffic from Compute Engine instances to the internet. They are considering using Cloud CDN and Private Google Access. Which TWO statements correctly describe how these services can reduce egress costs?
61A company uses VPC Flow Logs to analyze traffic patterns. They notice that the logs show only 50% of the actual flows. What is the most likely cause?
62An engineer needs to verify that a Compute Engine instance can reach a specific IP address on the internet, considering firewall rules and routes. Which Network Intelligence Center tool should they use?
63A company has two VPC networks connected via VPC Network Peering. They observe asymmetric routing causing connectivity issues. Which configuration is most likely to be the root cause?
64A network engineer wants to capture all traffic to and from a specific Compute Engine instance for security analysis and forward it to an IDS appliance in another VPC. Which GCP service should they use?
65An organization wants to reduce egress costs for data sent from Compute Engine instances to users worldwide. Which TWO approaches should they consider? (Choose TWO.)
66A company uses VPC Flow Logs exported to BigQuery for security analysis. They need to identify traffic to a known malicious IP. Which THREE fields can be used in a BigQuery query to filter this traffic? (Choose THREE.)
67A network engineer is troubleshooting high latency between two VM instances in different GCP regions. Which TWO tools can help identify packet loss and latency issues? (Choose TWO.)
68An organization needs to monitor and analyze firewall rule activity for security auditing. Which TWO actions should they take? (Choose TWO.)
69A company is migrating to Google Cloud and needs to connect their on-premises data center to a VPC using Cloud VPN with dynamic routing (BGP). They want high availability and automatic failover. Which THREE components are required? (Choose THREE.)
70An engineer needs to monitor Cloud NAT gateway usage for cost allocation and troubleshooting. Which TWO types of logs should they enable? (Choose TWO.)
The Managing, Monitoring, and Optimising Network Operations domain covers the key concepts tested in this area of the PCNE exam blueprint published by Google Cloud. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all PCNE domains — no account required.
The Courseiva PCNE question bank contains 70 questions in the Managing, Monitoring, and Optimising Network Operations domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Managing, Monitoring, and Optimising Network Operations domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included