Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Implementing hybrid interconnectivity practice sets

PCNE Implementing hybrid interconnectivity • Complete Question Bank

PCNE Implementing hybrid interconnectivity — All Questions With Answers

Complete PCNE Implementing hybrid interconnectivity question bank — all 0 questions with answers and detailed explanations.

144
Questions
Free
No signup
Certifications/PCNE/Practice Test/Implementing hybrid interconnectivity/All Questions
Question 1easymultiple choice
Read the full Implementing hybrid interconnectivity explanation →

A company is deploying a Dedicated Interconnect with a 10 Gbps circuit to Google Cloud. They need to ensure high availability. Which configuration is required by Google Cloud to meet the high availability SLA?

Question 2mediummultiple choice
Open the full BGP breakdown →

A company has a Hybrid Connectivity setup using Cloud VPN with dynamic routing (BGP). They notice that traffic from their on-premises network to Google Cloud is intermittently dropping. The on-premises BGP speaker is sending routes with a higher local preference (200) than the Google Cloud router (default 100). What is the most likely cause of the intermittent drops?

Question 3hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation is connecting five on-premises data centers to Google Cloud using Cloud Interconnect. Each data center has a dedicated 10 Gbps connection. They want to ensure that if one Interconnect fails, traffic is automatically redistributed across the remaining connections without manual intervention. Which solution meets this requirement?

Question 4easymultiple choice
Read the full Implementing hybrid interconnectivity explanation →

An organization wants to migrate legacy on-premises applications to Google Cloud but must maintain low-latency connectivity for real-time data synchronization. The on-premises data center is in a colocation facility that is not directly served by Google Cloud. Which hybrid connectivity option is most cost-effective while meeting the latency requirement?

Question 5mediummultiple choice
Open the full BGP breakdown →

A company is using Cloud VPN with BGP to connect their on-premises network to Google Cloud. They have two VPN tunnels from two different on-premises VPN gateways to a single Cloud VPN gateway. They notice that during maintenance on one on-premises gateway, traffic fails over to the other tunnel, but after the maintenance, traffic does not fail back. What is the most likely cause?

Question 6hardmultiple choice
Read the full Implementing hybrid interconnectivity explanation →

A financial services company is required to encrypt all data in transit between their on-premises data center and Google Cloud. They have a Dedicated Interconnect connection. They want to meet the encryption requirement while minimizing overhead and complexity. Which solution should they implement?

Question 7easymultiple choice
Read the full VPN explanation →

A company wants to connect their VPC to an on-premises network using Cloud VPN. They need to ensure that traffic from Google Cloud to on-premises uses a specific route only when the primary path is available, and otherwise fails over to a backup path. Which configuration should they use?

Question 8mediummultiple choice
Open the full VLAN trunking answer →

An enterprise is using a 10 Gbps Dedicated Interconnect between their on-premises data center and Google Cloud. They measure throughput and find it is only 5 Gbps even though there is no congestion. The on-premises router is configured with a single VLAN attachment. What is the most likely cause?

Question 9mediummulti select
Read the full Implementing hybrid interconnectivity explanation →

A company is planning to connect multiple VPCs in different regions to their on-premises network using a single Dedicated Interconnect. Which TWO configurations are required to achieve this?

Question 10hardmulti select
Open the full BGP breakdown →

A company has a Hybrid Connectivity setup using Cloud VPN with BGP. They want to migrate to Dedicated Interconnect for better performance. During the migration, they need to avoid downtime. Which THREE steps should they take?

Question 11easymulti select
Open the full VLAN trunking answer →

A company is troubleshooting connectivity issues between their on-premises network and Google Cloud over a Dedicated Interconnect. They can ping the VLAN attachment IP but cannot reach Compute Engine instances. Which TWO checks should they perform?

Question 12mediummulti select
Open the full VLAN trunking answer →

A company is using Cloud Interconnect with multiple VLAN attachments. They want to implement traffic shaping to prioritize real-time traffic over bulk transfers. Which THREE actions should they take?

Question 13hardmultiple choice
Open the full BGP breakdown →

Refer to the exhibit. The Cloud Router shows one BGP peer as ESTABLISHED and one as IDLE. The best routes show two routes to the same destination with different priorities. What is the most likely reason the IDLE peer is not establishing?

Exhibit

Refer to the exhibit.

```
$ gcloud compute routers get-status router-1 --region=us-central1
kind: compute#routerStatus
result:
  bgpPeerStatus:
  - name: peer-1
    ipAddress: 169.254.1.1
    peerIpAddress: 169.254.1.2
    status: ESTABLISHED
    routesLearned: 120
  - name: peer-2
    ipAddress: 169.254.2.1
    peerIpAddress: 169.254.2.2
    status: IDLE
    routesLearned: 0
  bestRoutesForRouter:
  - dest: 10.0.0.0/8
    nextHop: 169.254.1.2
    priority: 100
  - dest: 10.0.0.0/8
    nextHop: 169.254.2.2
    priority: 200
```
Question 14hardmultiple choice
Open the full BGP breakdown →

A large e-commerce company has a hybrid cloud setup with a Dedicated Interconnect between their on-premises data center in Dallas and Google Cloud us-central1 region. They have a single VLAN attachment with a Cloud Router that uses BGP to exchange routes. The on-premises network uses 10.0.0.0/8, and Google Cloud VPC uses 172.16.0.0/16. They recently deployed a new application in us-west1 that uses IP range 172.17.0.0/16. They created a VPC peering between the us-central1 VPC and the us-west1 VPC. On-premises users can reach the us-central1 workloads but cannot reach the us-west1 application. There are no firewall rules blocking traffic. The on-premises router has a default route pointing to the Interconnect. What is the most likely cause of the issue?

Question 15mediummultiple choice
Open the full VLAN trunking answer →

A company needs to connect their on-premises data center to Google Cloud using Dedicated Interconnect. They have a service level agreement that requires 99.99% availability for the connection. What is the minimum number of VLAN attachments they must provision, and how should they be configured to meet this SLA?

Question 16hardmultiple choice
Open the full BGP breakdown →

An organization is using Cloud VPN with dynamic routing (BGP) to connect their on-premises network to Google Cloud. They notice that traffic from Google Cloud to on-premises is not using the VPN tunnel but instead going through the internet. They have verified that the VPN tunnel is up and BGP sessions are established. Which configuration issue is most likely causing this behavior?

Question 17easymultiple choice
Read the full Implementing hybrid interconnectivity explanation →

A company wants to migrate a legacy application to Google Cloud that requires low-latency communication with on-premises databases. The application is latency-sensitive and must use private IP addresses only. Which hybrid connectivity solution should they choose?

Question 18mediummultiple choice
Read the full Implementing hybrid interconnectivity explanation →

An organization has multiple VPCs in Google Cloud that need to communicate with an on-premises network through a single Dedicated Interconnect. All VPCs are in the same project. What is the most efficient way to enable connectivity from all VPCs to on-premises?

Question 19mediummultiple choice
Open the full BGP breakdown →

A network engineer is troubleshooting a Cloud VPN tunnel that is not passing traffic. The tunnel status shows as established, and BGP sessions are up. However, traffic from an on-premises subnet (10.0.1.0/24) to a GCP subnet (192.168.1.0/24) is not working. What should the engineer check first?

Question 20hardmultiple choice
Open the full BGP breakdown →

A network engineer is troubleshooting connectivity between an on-premises network and Google Cloud. The on-premises router has two BGP sessions configured for redundancy with a Cloud Router. The engineer runs the command above. Which issue does the output indicate?

Exhibit

Refer to the exhibit.

```
$ gcloud compute routers get-status my-router --region=us-central1
kind: compute#routerStatusResponse
result:
  router: my-router
  bgpPeerStatus:
  - name: peer-a
    ipAddress: 169.254.1.1
    peerIpAddress: 169.254.1.2
    status: UP
    numUp: 1
    numLearned: 0
    advertisedRoutes:
    - 10.0.0.0/8
    learnedRoutes: []
  - name: peer-b
    ipAddress: 169.254.2.1
    peerIpAddress: 169.254.2.2
    status: DOWN
    numUp: 0
    numLearned: 0
    advertisedRoutes: []
    learnedRoutes: []
```
Question 21easymultiple choice
Open the full VLAN trunking answer →

A network engineer is setting up Dedicated Interconnect and sees the output above. What does the 'encryption: IPSEC' field indicate about this VLAN attachment?

Exhibit

Refer to the exhibit.

```
$ gcloud compute interconnects attachments describe my-attachment --region=us-central1
binding: 0
cloudRouterIpAddress: 169.254.1.1/29
customerRouterIpAddress: 169.254.1.2/29
dataplaneVersion: 2
encryption: IPSEC
interconnect: my-interconnect
privateInterconnectInfo:
  tag8021q: 100
state: ACTIVE
type: DEDICATED
vlanTag8021q: 100
```
Question 22mediummulti select
Read the full Implementing hybrid interconnectivity explanation →

A company is designing a hybrid network with Partner Interconnect. They need to ensure high availability and meet a 99.99% SLA. Which TWO actions should they take?

Question 23mediummulti select
Read the full VPN explanation →

An organization is using Cloud VPN with dynamic routing and wants to improve failover time between two VPN tunnels. Which THREE configuration changes can help reduce failover time?

Question 24mediummultiple choice
Open the full BGP breakdown →

A company is setting up a Dedicated Interconnect connection between their on-premises network and Google Cloud. They have configured a VLAN attachment and assigned a Cloud Router with BGP sessions. They notice that traffic is being dropped intermittently. The BGP session status shows 'Established' but routes are not being exchanged consistently. What is the most likely cause?

Question 25easymultiple choice
Read the full VPN explanation →

A company wants to connect their on-premises network to Google Cloud using a VPN with high availability and 99.99% SLA. They have two Cloud VPN gateways, each with two external IP addresses. Which configuration best meets the high availability requirement?

Question 26hardmultiple choice
Open the full BGP breakdown →

A network engineer configured a Cloud Router with the BGP configuration shown. The on-premises router (AS 64512) is peering with the Cloud Router (AS 65001) over a Dedicated Interconnect VLAN attachment. The engineer notices that traffic from on-premises to Google Cloud is not being routed via this interconnect as expected. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
# Cloud Router BGP configuration
router bgp 65001
 neighbor 169.254.0.1 remote-as 64512
 neighbor 169.254.0.1 ebgp-multihop 2
 neighbor 169.254.0.1 update-source loopback0
 address-family ipv4 unicast
  neighbor 169.254.0.1 route-map SET-MED in
  neighbor 169.254.0.1 route-map SET-LOCAL-PREF out
!
route-map SET-MED permit 10
 set metric 100
!
route-map SET-LOCAL-PREF permit 10
 set local-preference 200
```
Question 27mediummulti select
Read the full Implementing hybrid interconnectivity explanation →

A company is planning to migrate workloads to Google Cloud and needs to establish hybrid connectivity with high bandwidth (10 Gbps) and low latency. They also require the ability to scale bandwidth up to 80 Gbps in the future. Which TWO options should they consider?

Question 28hardmultiple choice
Open the full BGP breakdown →

A large enterprise has a multi-site on-premises network with two data centers (DC1 and DC2) connected via a private WAN. They are migrating critical applications to Google Cloud and have established a Dedicated Interconnect at each data center, each with a single VLAN attachment (vlan-attachment-1 from DC1, vlan-attachment-2 from DC2) connected to a single VPC network in us-central1. Each VLAN attachment uses a separate Cloud Router (router-us-central1-dc1 and router-us-central1-dc2) with BGP sessions advertising the same on-premises prefixes. The VPC has auto-mode subnet ranges. They notice that traffic from Google Cloud to on-premises is flowing only through DC1, and when DC1's interconnect fails, traffic fails over to DC2, but after DC1 recovers, traffic does not return to DC1. The on-premises routers are advertising the same prefixes with equal MED values. What is the most likely cause and the best corrective action?

Question 29mediummulti select
Open the full BGP breakdown →

A company has a Dedicated Interconnect connection between their on-premises data center and Google Cloud. They are experiencing intermittent connectivity issues on a specific VLAN attachment. The VLAN attachment is configured with a single Cloud Router and BGP sessions are established. Which two steps should they take to troubleshoot the issue? (Choose two.)

Question 30easymultiple choice
Read the full Implementing hybrid interconnectivity explanation →

A company is deploying a hybrid cloud solution using Partner Interconnect. They have ordered a 1 Gbps connection from a partner at a colocation facility. The on-premises network uses a 10 Gbps link to the colo, and the partner provides a single 1 Gbps connection to Google Cloud. The company wants to connect two separate VPC networks in Google Cloud (production and development) to their on-premises network. Each VPC requires 500 Mbps of dedicated bandwidth. The company also needs high availability for the connection. What should they do?

Question 31mediumdrag order
Open the full BGP breakdown →

Drag and drop the steps to configure Cloud Router with BGP for on-premises connectivity into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 32mediumdrag order
Read the full VPN explanation →

Drag and drop the steps to troubleshoot a VPN tunnel that is not passing traffic into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 33mediumdrag order
Read the full Implementing hybrid interconnectivity explanation →

Drag and drop the steps to configure a global external HTTP(S) load balancer in Google Cloud into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 34mediummatching
Read the full Implementing hybrid interconnectivity explanation →

Match each VPC firewall rule component to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Determines rule evaluation order (lower number = higher priority)

Specifies ingress or egress traffic

Allow or deny matching traffic

Specifies IP ranges or tags for traffic filtering

Selects VM instances to apply the rule

Question 35mediummatching
Read the full Implementing hybrid interconnectivity explanation →

Match each VPC networking concept to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Regional IP range within a VPC

Connection between two VPCs for private IP communication

VPC from one project shared with other projects

Outbound internet access for private instances

Access Google APIs from on-premises or other clouds

Question 36mediummatching
Read the full Implementing hybrid interconnectivity explanation →

Match each Google Cloud Armor feature to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Pre-configured rules to block common web attacks

Limits requests per client to prevent abuse

Allows or denies traffic from specific IPs

ML-based detection of DDoS and application attacks

Rules attached to backend services or load balancers

Question 37mediummultiple choice
Open the full BGP breakdown →

A company needs to connect their on-premises data center to Google Cloud with a consistent, high-availability connection that offers 99.99% availability SLA. The on-premises router supports VLAN tagging and BGP. They expect to burst up to 50 Gbps peak traffic. Which interconnect solution should they choose?

Question 38hardmultiple choice
Open the full BGP breakdown →

A network engineer has configured a Dedicated Interconnect with a VLAN attachment and Cloud Router. BGP sessions are up and routes are exchanged. However, traffic from a specific on-premises subnet is not reaching a VPC instance. The route table shows a custom static route with priority 1000 for that subnet pointing to a VPN tunnel, and a BGP learned route with priority 100 for the same subnet via Interconnect. What is the most likely reason for the traffic not using the Interconnect route?

Question 39easymultiple choice
Open the full BGP breakdown →

You are designing a hybrid network using Cloud VPN with dynamic routing (BGP) to connect multiple on-premises sites to Google Cloud. What is a best practice to avoid asymmetric routing when you have multiple VPN tunnels from different on-premises routers?

Question 40mediummulti select
Read the full Implementing hybrid interconnectivity explanation →

An organization needs low-latency connectivity between their on-premises data center and Google Cloud, supporting up to 20 Gbps throughput. They already have a Partner Interconnect connection but need to increase capacity. Which two actions should they take? (Choose two.)

Question 41hardmultiple choice
Open the full BGP breakdown →

Your company has a Dedicated Interconnect between on-premises and Google Cloud. After a maintenance window, some routes are missing from the on-premises side. On the Cloud Router, you see that the BGP session status is 'ESTABLISHED'. However, the route table on the on-premises router does not contain any of the VPC subnets. What is the most likely cause?

Question 42easymultiple choice
Open the full BGP breakdown →

You are troubleshooting an HA VPN connection between Google Cloud and on-premises. The tunnels appear as 'UP' but no routes are exchanged. The Cloud Router logs show 'BGP session state: IDLE'. What is the most likely cause?

Question 43mediummultiple choice
Open the full VLAN trunking answer →

A company uses a shared VPC with multiple service projects. They want to connect their on-premises data center to the shared VPC through a Dedicated Interconnect. Where should they configure the Cloud Router and VLAN attachment?

Question 44hardmultiple choice
Open the full VLAN trunking answer →

You have set up a Dedicated Interconnect with two VLAN attachments (each 10 Gbps) and configured ECMP on the Cloud Router. You observe that traffic from on-premises to a specific VM is only using one attachment. What is the most likely cause?

Question 45easymultiple choice
Read the full Implementing hybrid interconnectivity explanation →

An organization requires a hybrid connectivity option that offers an SLA of 99.99% availability and supports bandwidth up to 100 Gbps. They are willing to manage their own physical infrastructure in a Google colocation facility. Which connectivity solution should they choose?

Question 46mediummulti select
Read the full Implementing hybrid interconnectivity explanation →

Which TWO of the following are required steps to set up a Dedicated Interconnect?

Question 47hardmulti select
Open the full BGP breakdown →

Which THREE of the following could cause a Dedicated Interconnect BGP session to go to the 'IDLE' state?

Question 48easymulti select
Read the full Implementing hybrid interconnectivity explanation →

Which TWO situations are most appropriate for using Partner Interconnect instead of Dedicated Interconnect?

Question 49easymultiple choice
Read the full Implementing hybrid interconnectivity explanation →

A company has a Dedicated Interconnect with one 10 Gbps connection. They need high availability for critical workloads. Which design is the best practice according to Google Cloud recommendations?

Question 50mediummultiple choice
Open the full BGP breakdown →

A network engineer is configuring a Cloud VPN tunnel with route-based VPN and BGP. The tunnel is established, but the Cloud Router does not learn any routes from the on-premises peer. What is the most likely cause?

Question 51hardmultiple choice
Read the full Implementing hybrid interconnectivity explanation →

A company with multiple VPCs in a Shared VPC environment wants to connect their on-premises network to all VPCs with high availability and minimal cost. They already have a Dedicated Interconnect. What is the most efficient solution?

Question 52mediummultiple choice
Open the full BGP breakdown →

An on-premises router uses BGP ASN 64512. The Cloud Router is also configured with ASN 64512. When the BGP peering is established, what behavior is expected?

Question 53easymultiple choice
Open the full BGP breakdown →

Which Google Cloud hybrid connectivity option can be configured without using BGP?

Question 54mediummultiple choice
Read the full NAT/PAT explanation →

A company is using Partner Interconnect to connect to Google Cloud. They notice that traffic from on-premises to GCP takes one path, but return traffic takes a different path, causing asymmetric routing. How can they resolve this?

Question 55hardmultiple choice
Open the full VLAN trunking answer →

A Dedicated Interconnect VLAN attachment is in ACTIVE state. The Cloud Router has learned routes from on-premises, and the on-premises router has learned routes from GCP. However, traffic from on-premises to a GCP VM fails. What should the engineer check first?

Question 56easymultiple choice
Open the full VLAN trunking answer →

What is the maximum number of VLAN attachments that can be configured on a single 10 Gbps Dedicated Interconnect connection?

Question 57mediummultiple choice
Read the full VPN explanation →

A customer is configuring a route-based IPsec VPN tunnel to Google Cloud. On their on-premises router, they must specify traffic selectors (proxy IDs). What should they set the local and remote traffic selectors to?

Question 58easymulti select
Read the full Implementing hybrid interconnectivity explanation →

Which TWO configurations provide high availability for Dedicated Interconnect? (Choose two.)

Question 59mediummulti select
Read the full VPN explanation →

Which THREE factors can affect the throughput of a Cloud VPN tunnel? (Choose three.)

Question 60hardmulti select
Open the full BGP breakdown →

Which TWO statements about Cloud Router BGP are correct? (Choose two.)

Question 61easymultiple choice
Read the full VPN explanation →

A company wants to connect an on-premises network to Google Cloud using Cloud VPN. The on-premises network has a single subnet and no dynamic routing capabilities. The company needs a simple, low-cost solution. Which VPN configuration should they choose?

Question 62mediummultiple choice
Open the full BGP breakdown →

An engineer is configuring Dedicated Interconnect between an on-premises data center and Google Cloud. Cloud Router is set up with BGP sessions. The BGP session remains in Idle state. Which of the following is the most likely cause?

Question 63hardmultiple choice
Open the full BGP breakdown →

A company has two Dedicated Interconnect connections to two separate Google Cloud regions for redundancy. They use Cloud Router with BGP to exchange routes. They want to ensure that traffic from on-premises to a specific VPC in us-central1 uses only the interconnect to us-central1, and the other interconnect is used only as a backup. How can they achieve this?

Question 64easymultiple choice
Read the full Implementing hybrid interconnectivity explanation →

An organization wants to connect their on-premises network to Google Cloud using Partner Interconnect. Which of the following is a requirement that must be met before the partner can provision the connection?

Question 65mediummultiple choice
Open the full BGP breakdown →

An enterprise uses HA VPN to connect their on-premises network to Google Cloud. The on-premises side has a single VPN device that supports BGP. They want to maximize availability. What is the recommended Google Cloud configuration?

Question 66hardmultiple choice
Read the full Implementing hybrid interconnectivity explanation →

Company A and Company B both have networks in Google Cloud. They want to connect their VPCs using VPC peering, but they have overlapping IP addresses. How can they resolve this?

Question 67easymultiple choice
Open the full BGP breakdown →

A network engineer is configuring Cloud Router for Dedicated Interconnect. The on-premises router is advertising a route to 10.1.0.0/16. The engineer wants to ensure that Google Cloud always prefers this route over other routes learned from different on-premises routers. Which BGP attribute should be set on the on-premises router?

Question 68mediummultiple choice
Open the full BGP breakdown →

An engineer has configured an HA VPN tunnel between an on-premises network and Google Cloud. The tunnel status shows as established, but traffic is not flowing. The engineer checks the Cloud Router BGP session and sees it is in the Active state. What is the most likely cause?

Question 69hardmultiple choice
Open the full BGP breakdown →

A company has two HA VPN tunnels from on-premises to Google Cloud using two separate Cloud Routers for redundancy. The on-premises network uses BGP and advertises a default route to Google Cloud. The company wants to ensure that traffic from Google Cloud to on-premises prefers the primary Cloud Router over the secondary. Which configuration should be applied?

Question 70easymulti select
Read the full VPN explanation →

Which two of the following are prerequisites for configuring an HA VPN tunnel to an on-premises network? (Choose two.)

Question 71mediummulti select
Read the full Implementing hybrid interconnectivity explanation →

Which three of the following are best practices for designing a highly available Dedicated Interconnect connection to Google Cloud? (Choose three.)

Question 72mediummulti select
Read the full Implementing hybrid interconnectivity explanation →

An enterprise is evaluating connectivity options to Google Cloud. They have moderate bandwidth requirements (up to 1 Gbps) and need high availability. Which two of the following are appropriate solutions? (Choose two.)

Question 73mediummultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. The Cloud Router is connected to two on-premises routers via dedicated interconnect. The on-premises routers advertise the same prefix 10.1.0.0/16. Which on-premises router's route will be preferred by Google Cloud for traffic destined to 10.1.0.0/24? (Assume equal AS path length and MED from on-premises.)

Exhibit

gcloud compute routers describe my-router --region=us-central1
---
bgp:
  advertiseMode: CUSTOM
  advertisedGroups:
  - ALL_SUBNETS
  advertisedIpRanges:
  - range: 10.0.0.0/8
  asn: 65001
bgpPeers:
- interfaceName: if-bgp-1
  ipAddress: 169.254.0.2
  peerIpAddress: 169.254.0.1
  peerAsn: 65002
  advertisedRoutePriority: 100
  customLearnedRoutePriority: 200
- interfaceName: if-bgp-2
  ipAddress: 169.254.1.2
  peerIpAddress: 169.254.1.1
  peerAsn: 65002
  advertisedRoutePriority: 100
  customLearnedRoutePriority: 100
Question 74mediummultiple choice
Open the full BGP breakdown →

Refer to the exhibit. An engineer has configured HA VPN with two tunnels (tunnel-a and tunnel-b) to an on-premises network. The BGP session for peer-b is in IDLE state. What is the most likely cause?

Network Topology
gcloud compute vpn-tunnels listregion=us-central1NAME REGION GATEWAY PEER_ADDRESS STATUStunnel-a us-central1 vpn-gw-1 203.0.113.1 ESTABLISHEDtunnel-b us-central1 vpn-gw-1 203.0.113.2 ESTABLISHEDresult:bgpPeerStatus:- name: bgp-peer-aipAddress: 169.254.0.1peerIpAddress: 169.254.0.2status: ESTABLISHEDadvertisedRoutes:- 10.1.0.0/16- name: bgp-peer-bipAddress: 169.254.1.1peerIpAddress: 169.254.1.2status: IDLEadvertisedRoutes: []
Question 75hardmultiple choice
Review the full subnetting walkthrough →

Refer to the exhibit. A network engineer configured a Cloud Router to advertise the on-premises subnet 10.0.0.0/8 to the VPC. However, traffic from VPC instances to 10.0.0.0/8 is being dropped. What is the most likely issue?

Exhibit

{
  "bgp": {
    "asn": "64512",
    "advertiseMode": "CUSTOM",
    "advertisedGroups": [],
    "advertisedIpRanges": [
      {"range": "10.0.0.0/8", "description": "on-premises subnet"}
    ],
    "bgpPeers": [
      {
        "name": "peer-1",
        "peerAsn": "64513",
        "peerIpAddress": "169.254.0.1",
        "advertisedRoutePriority": 100
      }
    ]
  }
}
Question 76mediummultiple choice
Open the full BGP breakdown →

A company is deploying a Global Cloud VPN with multiple tunnels from different Cloud Router instances to the same on-premises peer. The on-premises BGP speaker is configured with multiple peers. How should they configure the BGP ASN on the Cloud Routers to ensure optimal routing?

Question 77hardmultiple choice
Open the full BGP breakdown →

Refer to the exhibit. A Cloud VPN tunnel is configured between an on-premises router and Google Cloud. The BGP session is not established. The on-premises router shows 'Connection refused'. What is the most likely cause?

Exhibit

Refer to the exhibit.

Output from an on-premises router:
```
show bgp vpnv4 unicast neighbors 169.254.1.1
BGP neighbor is 169.254.1.1, vrf default
 BGP version 4, remote router ID 10.0.0.1
 BGP state = Connect
 Last read never, last write never
 Hold time is 90, keepalive interval is 30 seconds
 No using MD5 authentication
 Error: Connection refused
```
Question 78easymultiple choice
Open the full BGP breakdown →

A company wants to connect their on-premises data center to Google Cloud using Dedicated Interconnect. They have ordered a 10 Gbps connection and plan to use a single VLAN attachment. How many Cloud Router interfaces are required for a single VLAN attachment with active/active BGP?

Question 79hardmultiple choice
Open the full BGP breakdown →

A network engineer is troubleshooting an HA VPN setup between Google Cloud and an on-premises data center. The two tunnels are established, and BGP sessions are up on both tunnels. However, traffic from Google Cloud to the on-premises network is only using one tunnel, even though both BGP sessions are advertising the same routes. What is the most likely cause?

Question 80mediummultiple choice
Read the full NAT/PAT explanation →

A company is using Partner Interconnect to connect their data center to Google Cloud. They notice that traffic from their on-premises network to a specific subnet in VPC is taking a suboptimal path. Which action should they take to influence the routing preference?

Question 81easymultiple choice
Read the full VPN explanation →

A customer wants to use Cloud VPN to connect a small branch office to Google Cloud. The branch office has a dynamic public IP address. Which Cloud VPN type should they use?

Question 82mediummultiple choice
Read the full Implementing hybrid interconnectivity explanation →

An organization has multiple VPCs in different regions that need to connect to a single on-premises data center via Dedicated Interconnect. They want to minimize cost and complexity. What is the recommended architecture?

Question 83hardmultiple choice
Open the full BGP breakdown →

Refer to the exhibit. A Cloud VPN tunnel is configured with the above Cloud Router configuration. The on-premises BGP peer is at 169.254.0.2 with ASN 65001. The on-premises router is receiving the route 10.0.0.0/8 from the Cloud Router, but it is not receiving any of the specific subnets (e.g., 10.1.0.0/16) that exist in the VPC. What is the most likely cause?

Exhibit

Refer to the exhibit.

Cloud Router configuration snippet:
```
resource "google_compute_router" "router" {
  name    = "cloud-router"
  network = "default"
  bgp {
    asn = 64512
  }
}

resource "google_compute_router_interface" "interface1" {
  name       = "if-1"
  router     = google_compute_router.router.name
  region     = "us-central1"
  ip_range   = "169.254.0.1/30"
  vpn_tunnel = google_compute_vpn_tunnel.tunnel1.self_link
}

resource "google_compute_router_peer" "peer1" {
  name                      = "peer1"
  router                    = google_compute_router.router.name
  region                    = "us-central1"
  peer_ip_address           = "169.254.0.2"
  peer_asn                  = 65001
  interface                 = "if-1"
  advertise_mode            = "CUSTOM"
  advertised_route_priority = 100
  advertised_ip_ranges {
    range = "10.0.0.0/8"
  }
}
```
Question 84mediummultiple choice
Review the full routing breakdown →

A company has deployed Dedicated Interconnect with a 10 Gbps connection. They are experiencing packet loss when transferring large files. The on-premises MTU is set to 1500. What is the maximum MTU that can be set on the Cloud Router interface to avoid fragmentation?

Question 85mediummulti select
Read the full Implementing hybrid interconnectivity explanation →

Which TWO are valid methods to allow on-premises traffic to reach Google Cloud resources that only have internal (private) IP addresses? (Choose two.)

Question 86hardmulti select
Open the full BGP breakdown →

Which THREE are true regarding Cloud HA VPN when used with dynamic routing (BGP)? (Choose three.)

Question 87easymulti select
Read the full Implementing hybrid interconnectivity explanation →

Which TWO are necessary components for setting up Dedicated Interconnect? (Choose two.)

Question 88mediummultiple choice
Open the full BGP breakdown →

Refer to the exhibit. A BGP session between a Cloud Router and an on-premises router is not establishing. The Cloud Router logs show 'BGP_OPEN_MSG_ERROR: unsupported capability'. What is the most likely issue?

Exhibit

Refer to the exhibit.

Log entry from Cloud Router:
```
{
  "jsonPayload": {
    "routerName": "cloud-router-us-1",
    "status": {
      "code": "BGP_OPEN_MSG_ERROR",
      "details": {
        "error": "BGP OPEN message error: unsupported capability"
      }
    }
  }
}
```
Question 89hardmultiple choice
Open the full BGP breakdown →

Refer to the exhibit. An engineer is troubleshooting a dual-tunnel HA VPN. The BGP session on one interface is established (State/PfxRcd 1) but the other is stuck in Active state. What can cause this?

Exhibit

Refer to the exhibit.

Output from a Cloud Router BGP session:
```
show ip bgp summary
BGP router identifier 10.0.0.1, local AS number 64512
Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
169.254.1.1     4       65001      10      12        0    0    0 00:01:23      1
169.254.1.1     4       65001       0       0        0    0    0 00:00:34  Active
```
Question 90easymultiple choice
Read the full VPN explanation →

A company wants to use a third-party VPN appliance on Google Cloud (Compute Engine) to connect to an on-premises network. Which networking feature must be enabled to allow the VPN appliance to forward traffic between VPC subnets and the tunnel?

Question 91easymultiple choice
Read the full Implementing hybrid interconnectivity explanation →

A company needs private connectivity between its on-premises data center and Google Cloud with consistent low latency and high throughput. The on-premises location is close to a Google Cloud point of presence that supports Dedicated Interconnect. The company expects to use more than 10 Gbps of bandwidth in the near future. Which connectivity solution should they choose?

Question 92mediummultiple choice
Open the full BGP breakdown →

A company has set up an HA VPN tunnel between their on-premises router and a Cloud Router in Google Cloud. The on-premises router establishes BGP sessions to both Cloud Router instances, but the routes learned from one Cloud Router instance are not being received. The other instance works fine. What is the most likely cause?

Question 93hardmultiple choice
Read the full VPN explanation →

A company is designing an HA VPN to connect their on-premises data center to Google Cloud VPC. The on-premises router supports two independent interfaces with public IPs. They want to achieve 99.99% availability for the VPN connection, understanding that HA VPN uses two tunnels and two Cloud Router instances. Which configuration meets this goal?

Question 94easymultiple choice
Read the full Implementing hybrid interconnectivity explanation →

An organization uses Partner Interconnect to connect their on-premises network to Google Cloud. They are experiencing intermittent connectivity issues and suspect the partner service provider is causing the problem. Which Google Cloud tool or feature can help verify the connection status and performance from the Google Cloud side?

Question 95mediummultiple choice
Open the full BGP breakdown →

A company has deployed a Dedicated Interconnect with multiple VLAN attachments connected to a single Cloud Router. They want to influence inbound traffic from on-premises to Google Cloud to use a specific attachment for certain prefixes. Which BGP attribute can they manipulate on the on-premises router to achieve this?

Question 96hardmultiple choice
Review the full routing breakdown →

A global company has multiple on-premises data centers connected to Google Cloud via separate Dedicated Interconnects. Each on-premises site advertises the same IP prefix for a critical application. They want to ensure that traffic from Google Cloud to that prefix is load-balanced across the two interconnects and also provide automatic failover. Which configuration on Cloud Router meets this requirement?

Question 97easymultiple choice
Open the full BGP breakdown →

An organization has an on-premises router that only supports static routing and does not support BGP. They need private connectivity to a single Google Cloud VPC. Which solution should they use?

Question 98mediummultiple choice
Open the full BGP breakdown →

A company is using Cloud VPN to connect to Google Cloud. They notice that traffic from their on-premises network to Google Cloud is not being routed correctly after a recent change. On the on-premises router, they verify that the BGP session is established and routes are received. Which step should they take next to troubleshoot?

Question 99hardmultiple choice
Open the full BGP breakdown →

A company has two Dedicated Interconnects in different metro regions connecting to Google Cloud. They want to use BGP communities to influence Cloud Router's route selection to prefer the closer interconnect for outbound traffic to on-premises. Which community action can they apply on the on-premises routers?

Question 100mediummulti select
Read the full Implementing hybrid interconnectivity explanation →

A company is planning to connect their on-premises network to Google Cloud using Dedicated Interconnect. They require high availability for the connection. Which TWO of the following are recommended by Google for achieving high availability? (Choose two.)

Question 101hardmulti select
Read the full VPN explanation →

A company currently uses Cloud VPN with dynamic routing to connect to Google Cloud. They want to migrate to Dedicated Interconnect without downtime. Which THREE steps should they take to achieve a seamless migration? (Choose three.)

Question 102easymulti select
Read the full Implementing hybrid interconnectivity explanation →

An organization is experiencing high latency on their Partner Interconnect connection. Which TWO tools or features can they use to diagnose the issue from within Google Cloud? (Choose two.)

Question 103mediummultiple choice
Open the full VLAN trunking answer →

An engineer runs the command above to check the status of a Dedicated Interconnect VLAN attachment. The state shows DEFECTIVE. The associated interconnect connection is in ACTIVE state. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
$ gcloud compute interconnects attachments describe my-attachment-1 --region us-central1
...
name: my-attachment-1
interconnect: my-interconnect
...
state: DEFECTIVE
...
```
Question 104hardmultiple choice
Open the full BGP breakdown →

A network engineer sees the above output from a Cloud Router. There are two BGP peers from the on-premises router (10.0.0.1 and 10.0.0.2). Both learned the same route 10.1.0.0/16 from their respective peers. However, traffic from Google Cloud to 10.1.0.0/16 is only going through the first peer (10.0.0.1) and not load-balanced. What could be the reason?

Exhibit

Refer to the exhibit.

```
$ gcloud compute routers get-status my-router --region us-central1
...
result:
  bgpStatus:
    - peer: 10.0.0.1
      status: established
      learnedRoutes:
        - prefix: 10.1.0.0/16
          nextHop: 10.0.0.1
      advertisedRoutes:
        - prefix: 10.2.0.0/16
    - peer: 10.0.0.2
      status: established
      learnedRoutes:
        - prefix: 10.1.0.0/16
          nextHop: 10.0.0.2
      advertisedRoutes:
        - prefix: 10.2.0.0/16
```
Question 105easymultiple choice
Review the full subnetting walkthrough →

An engineer configured a Cloud Router with the above settings. The VPC network has subnets 10.1.0.0/16 and 10.2.0.0/16, as well as subnets 10.3.0.0/16 and 10.4.0.0/16. The on-premises router is only receiving routes for 10.1.0.0/16 and 10.2.0.0/16 but not for 10.3.0.0/16 and 10.4.0.0/16. What is the cause?

Exhibit

Refer to the exhibit.

```json
{
  "routingMode": "DYNAMIC_ROUTING_MODE",
  "bgpRoutingMode": "GLOBAL",
  "advertiseMode": "CUSTOM",
  "advertisedGroups": [],
  "advertisedIpRanges": [
    {
      "range": "10.1.0.0/16",
      "description": "prod-subnet"
    },
    {
      "range": "10.2.0.0/16"
    }
  ]
}
```
Question 106easymultiple choice
Open the full BGP breakdown →

A company is setting up HA VPN between on-premises and Google Cloud. They have two Cloud VPN gateways with two tunnels each. They want to ensure automatic failover if one tunnel goes down. Which BGP configuration is a best practice?

Question 107mediummultiple choice
Review the full subnetting walkthrough →

An organization has established a Dedicated Interconnect to Google Cloud. They can ping instances in a VPC subnet but cannot connect to a service running on a different subnet within the same VPC. What is the most likely cause?

Question 108hardmultiple choice
Read the full VPN explanation →

A company with limited public IP addresses on-premises needs to connect to Google Cloud using Cloud VPN. They require high availability. Which solution should they implement?

Question 109easymultiple choice
Read the full Implementing hybrid interconnectivity explanation →

When setting up a Partner Interconnect, which Google Cloud resource is used to connect to the partner's network?

Question 110mediummultiple choice
Read the full NAT/PAT explanation →

A customer has established a Dedicated Interconnect, but traffic from on-premises to Google Cloud is still using the internet path instead of the interconnect. What is the most likely cause?

Question 111hardmultiple choice
Open the full BGP breakdown →

An organization uses HA VPN with dynamic routing and active-active BGP sessions. One tunnel fails, but traffic continues to flow through the other tunnel. However, they notice increased latency. What is the most likely explanation?

Question 112easymultiple choice
Read the full VPN explanation →

A company needs to connect multiple on-premises sites to Google Cloud using a single Cloud VPN gateway. What is the recommended approach?

Question 113mediummultiple choice
Read the full VPN explanation →

A customer reports that after setting up HA VPN, some on-premises subnets are not reachable from Google Cloud. The Cloud Router shows the missing routes. What is the most likely cause?

Question 114hardmultiple choice
Open the full BGP breakdown →

An organization has a Dedicated Interconnect with two VLAN attachments connected to two different edge availability domains (EADs). They want to use a single Cloud Router for both attachments. How many BGP sessions should be established on the Cloud Router?

Question 115mediummulti select
Read the full VPN explanation →

Which TWO statements about HA VPN are correct?

Question 116hardmulti select
Open the full BGP breakdown →

A Cloud Router BGP session is flapping. Which TWO actions are appropriate troubleshooting steps?

Question 117easymulti select
Read the full Implementing hybrid interconnectivity explanation →

Which THREE components are required to set up a Partner Interconnect connection?

Question 118hardmultiple choice
Open the full BGP breakdown →

Your company has a Dedicated Interconnect with two VLAN attachments (vlan-attachment-a and vlan-attachment-b) connected to two different Edge Availability Domains (EADs) in the us-central1 region. Both attachments are associated with a single Cloud Router named 'cr-us-central1'. On-premises, you have two routers (rtr-a and rtr-b) each connected to one VLAN attachment via BGP. The Cloud Router has four BGP sessions: rtr-a (vlan-a), rtr-a (vlan-b), rtr-b (vlan-a), rtr-b (vlan-b) — a full mesh for redundancy. All sessions are established and routes are exchanged. Recently, you added a new on-premises subnet 192.168.100.0/24 and advertised it via BGP from both on-premises routers. However, Google Cloud instances in the VPC cannot reach this subnet. Other on-premises subnets (e.g., 10.0.0.0/8) are reachable. The Cloud Router route table for 'cr-us-central1' shows multiple entries for 192.168.100.0/24, each with different next hops but all with status 'stacked'. There are no BGP route filters configured. What is the most likely cause of the issue?

Question 119easymultiple choice
Read the full VPN explanation →

A company wants to connect its on-premises data center to Google Cloud. They have a single VPN appliance on-premises and need high availability for the connection. Which architecture provides the most cost-effective high availability solution?

Question 120mediummultiple choice
Open the full BGP breakdown →

A company is using Dedicated Interconnect to connect their on-premises network to Google Cloud. They have two VLAN attachments configured, each with a separate Cloud Router with active/active BGP. They want to ensure that traffic from their on-premises network to Google Cloud uses both attachments equally. Which configuration should they implement?

Question 121hardmultiple choice
Open the full BGP breakdown →

After configuring Cloud VPN with dynamic routing (BGP), you notice that on-premises routes are not appearing in Google Cloud. BGP sessions are established but no prefixes are exchanged. Cloud Router logs show: 'No route advertisement received'. On-premises BGP configuration shows 'network 10.0.0.0/8' and 'neighbor 10.1.1.1 remote-as 65000'. What is the most likely cause?

Question 122mediummultiple choice
Read the full VPN explanation →

A company has a Cloud VPN between their on-premises network and Google Cloud. They want to ensure that traffic flows symmetrically, meaning that traffic from Google Cloud to on-premises uses the same VPN tunnel as traffic from on-premises to Google Cloud. Which best practice should they implement?

Question 123easymultiple choice
Read the full Implementing hybrid interconnectivity explanation →

A company requires a dedicated connection from their on-premises data center to Google Cloud with a guaranteed SLA of 99.99% and bandwidth starting at 10 Gbps. Which connectivity option meets these requirements?

Question 124hardmultiple choice
Open the full BGP breakdown →

An organization has a hybrid network with multiple VPN tunnels connecting their on-premises network to Google Cloud. They use Cloud Router with BGP to propagate routes. They recently added a new subnet 192.168.100.0/24 in Google Cloud. On-premises devices can reach resources in the new subnet, but Google Cloud resources cannot initiate traffic to certain on-premises hosts in the 10.0.0.0/8 subnet. BGP sessions are all established. What is the most likely cause?

Question 125easymulti select
Read the full VPN explanation →

Which TWO of the following are benefits of using Cloud Interconnect over Cloud VPN for hybrid connectivity? (Choose two.)

Question 126mediummulti select
Read the full Implementing hybrid interconnectivity explanation →

Which THREE of the following are requirements for setting up a Dedicated Interconnect connection to Google Cloud? (Choose three.)

Question 127hardmulti select
Open the full BGP breakdown →

A Cloud VPN with dynamic routing (BGP) is established between an on-premises network and Google Cloud. The on-premises BGP router is advertising a default route (0.0.0.0/0). The Cloud Router in Google Cloud is receiving this route, but network traffic from Google Cloud VMs to the internet is not being routed through the VPN. Which THREE troubleshooting steps should you take? (Choose three.)

Question 128hardmultiple choice
Open the full BGP breakdown →

A multinational company is migrating workloads to Google Cloud and requires a hybrid connectivity solution between their on-premises data centers in New York and London and Google Cloud regions us-central1 and europe-west1. Each data center has a pair of redundant border routers. The network team has set up a Dedicated Interconnect connection in each Google Cloud region, with two VLAN attachments per region (total 4 attachments). Each VLAN attachment is associated with a separate Cloud Router. The Cloud Routers in us-central1 are configured with BGP sessions to the on-premises routers in New York, and the Cloud Routers in europe-west1 peer with the London routers. The VPC is in 'global' dynamic routing mode. After deployment, traffic from on-premises London to Google Cloud in us-central1 takes a suboptimal path: it goes from London to us-central1 via the internet instead of using the Dedicated Interconnect in europe-west1 and then internal Google Cloud backbone. All BGP sessions are up, and routes are being exchanged. The on-premises routers are advertising all their subnets. The Cloud Routers are learning the on-premises prefixes. What is the most likely cause of this suboptimal routing?

Question 129mediummultiple choice
Open the full BGP breakdown →

A company has set up a Cloud VPN with dynamic routing (BGP) between their on-premises network (AS 65001) and Google Cloud (AS 64514). They are using Cloud Router with a regional dynamic routing mode. The on-premises router is advertising a subnet 10.1.0.0/16. The Google Cloud VPC has subnet 10.2.0.0/16 in the same region as the Cloud Router. Both subnets are unique. The connection has been working for months. However, after a recent maintenance window, the on-premises router started experiencing BGP flapping with the Cloud Router. The Cloud Router logs show 'BGP notification sent: Hold timer expired'. The on-premises router logs show similar errors. The network team has verified that the VPN tunnel is established and stable. What is the most likely cause of the BGP flapping?

Question 130easymultiple choice
Open the full BGP breakdown →

A small company is moving their on-premises application to Google Cloud. They have a single on-premises office with a small router that supports IPsec VPN. They need a simple and low-cost connectivity solution that provides encryption and a consistent experience. They anticipate low bandwidth needs (under 100 Mbps). They also want the ability to use BGP for dynamic routing to avoid manual route updates. Which Google Cloud service should they use?

Question 131mediummultiple choice
Open the full BGP breakdown →

A company has a Dedicated Interconnect connection between their on-premises data center and Google Cloud. They have two VLAN attachments (vlan-100 and vlan-200) connected to two separate Cloud Routers in the same region. Each Cloud Router has a BGP session with the on-premises router. The on-premises router advertises the same prefixes (10.0.0.0/8) over both sessions. In Google Cloud, they have workloads in two different VPCs: VPC-A and VPC-B. They want traffic to VPC-A to use vlan-100, and traffic to VPC-B to use vlan-200. Cloud Router 1 is attached to VPC-A, Cloud Router 2 is attached to VPC-B. Currently, traffic from on-premises to VPC-A sometimes goes through vlan-200, causing asymmetric routing. What configuration change should they make to ensure traffic is symmetric?

Question 132hardmultiple choice
Open the full BGP breakdown →

A large enterprise has multiple on-premises data centers connected to Google Cloud via a combination of Dedicated Interconnect and Cloud VPN. They have a VPC with subnets in us-east1 and us-west1. The on-premises network advertises a prefix 10.0.0.0/8 to both Cloud Routers (each in different regions) via BGP. The Cloud Routers are configured with 'global' dynamic routing mode. The network team notices that traffic from Google Cloud instances in us-west1 to on-premises destinations in 10.0.0.0/8 is always taking the path to the closest on-premises data center (west coast) even though the west coast data center is currently under high load, causing performance degradation. The east coast data center is underutilized. They want to influence the path selection so that the west coast instances prefer the east coast data center during peak times. They are using BGP. What is the most effective method to achieve this?

Question 133mediummultiple choice
Open the full BGP breakdown →

A company has deployed Cloud HA VPN between their on-premises network and Google Cloud. They have two tunnels from the on-premises VPN appliance to the HA VPN gateway. The on-premises appliance uses a single public IP address for both tunnels, while the Cloud VPN gateway uses two different public IPs. BGP sessions are established over both tunnels, and the Cloud Router is configured with 'active/active' mode. The network team notices that all outbound traffic from Google Cloud to on-premises is using only one of the two tunnels, even though both tunnels are up. BGP metrics are identical for routes received over both sessions. What is the most likely cause?

Question 134mediummulti select
Read the full Implementing hybrid interconnectivity explanation →

A company is planning to connect their on-premises data center to Google Cloud. They require high bandwidth (10 Gbps) and low latency for real-time data replication. They also want a cost-effective solution that supports burstable traffic. Which TWO connectivity options should they consider? (Choose TWO.)

Question 135easymultiple choice
Read the full VPN explanation →

Your organization has a site-to-site Cloud VPN connection between an on-premises network with CIDR 10.0.0.0/8 and a VPC in us-central1 with subnet 192.168.1.0/24. The VPN tunnel is established, but you cannot reach a Compute Engine instance with internal IP 192.168.1.10 from a server on-premises with IP 10.0.0.50. Cloud VPN logs show no errors. On-premises firewall rules allow all outbound traffic. What is the most likely cause of the problem?

Question 136hardmultiple choice
Open the full BGP breakdown →

A financial institution is setting up Dedicated Interconnect with Google Cloud. They have two on-premises routers (R1 and R2) each connected to a separate Google Cloud router via VLAN attachments in two different zones (us-central1-a and us-central1-b). The on-premises routers are configured with BGP, and they advertise the corporate prefix 10.0.0.0/8. Google Cloud routers are configured with custom route advertisements. After provisioning, you notice that traffic from some on-premises subnets to GCP experiences asymmetrical routing, causing packet drops. You verify that both BGP sessions are established and that both Cloud Routers have received the 10.0.0.0/8 route. What is the most likely cause of the asymmetrical routing?

Question 137mediummultiple choice
Open the full BGP breakdown →

A company currently uses a site-to-site Cloud VPN (IPsec) to connect their on-premises network to a VPC. Due to growing bandwidth demands, they plan to migrate to Partner Interconnect using a supported service provider. They have ordered a 1 Gbps connection and the provider has indicated the VLAN attachment is ready. After creating the VLAN attachment and pairing it with a Cloud Router, the on-premises router sees the BGP session come up, but no traffic is forwarded over the interconnect. The Cloud VPN is still operational. What step is most likely missing?

Question 138hardmultiple choice
Open the full BGP breakdown →

A large enterprise has two on-premises data centers (DC1 and DC2) connected to Google Cloud via two separate VPN tunnels to the same VPC. Each tunnel terminates on a different Cloud VPN gateway (gateway1 in us-east1, gateway2 in us-west1). The on-premises routers advertise the same CIDR 172.16.0.0/12 from both DCs. Cloud Router is configured with BGP and uses default route priority. You notice that after a failover event where one tunnel goes down, traffic continues to flow, but there is a significant increase in latency for traffic coming from GCP to on-premises. You verify that both tunnels have re-established. What is the most likely cause of the increased latency?

Question 139mediummultiple choice
Open the full BGP breakdown →

A company has a Cloud VPN tunnel with dynamic routing (BGP) connecting their on-premises network to a VPC in us-central1. They recently added a new subnet (10.2.0.0/16) to the VPC. The on-premises network still cannot reach resources in the new subnet. The Cloud Router BGP session is established and routes from on-prem are being received. What is the most likely cause?

Question 140hardmultiple choice
Open the full VLAN trunking answer →

A financial services firm needs to connect their on-premises data center to Google Cloud VPC with 50 Gbps of bandwidth and latency under 5 ms. They are in a metropolitan area with a Google Cloud region. They require an SLA of 99.99% and need to support VLAN attachments to multiple VPCs. Which connectivity option should they choose?

Question 141easymultiple choice
Open the full BGP breakdown →

An organization has two Cloud VPN tunnels from the same on-premises router to a Cloud Router in Google Cloud. Both tunnels are using BGP, and the on-premises router is sending the same routes over both tunnels. The Cloud Router is configured to use 'route propagation' from a VPC network. Which of the following is true regarding route priority?

Question 142mediummultiple choice
Read the full VPN explanation →

A company has a VPC with subnets in us-east1 and us-west1. They have established a Cloud VPN tunnel to their on-premises network through a Cloud Router in us-east1. They want to ensure that traffic from on-premises to resources in us-west1 uses the VPN tunnel and not the public internet. What must be configured?

Question 143hardmulti select
Open the full BGP breakdown →

A network engineer is troubleshooting a BGP session between an on-premises router and a Cloud Router. The BGP session state is 'CONNECT' and never transitions to 'ESTABLISHED'. The engineer has verified that the Cloud Router and on-premises router have the same BGP ASN, and that the peer IP addresses are correctly configured. Which two additional steps should the engineer take to resolve this issue? (Choose TWO.)

Question 144easymultiple choice
Open the full BGP breakdown →

Your company has two on-premises data centers, DC1 and DC2, each connected to a separate Google Cloud VPC via Dedicated Interconnect. Both VPCs are connected via VPC Network Peering. A new application deployed in VPC1 needs to communicate with a database in DC2. The database IP range is 10.0.0.0/16. You have configured firewall rules to allow the traffic. However, the application cannot reach the database. You have verified that routes for 10.0.0.0/16 exist in VPC1's route table with next hop to VPC Peering, and in VPC2's route table with next hop to the interconnect attachment. The BGP sessions on both interconnects are up. What is the most likely reason for the connectivity failure?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

PCNE Practice Test 1 — 10 Questions→PCNE Practice Test 2 — 10 Questions→PCNE Practice Test 3 — 10 Questions→PCNE Practice Test 4 — 10 Questions→PCNE Practice Test 5 — 10 Questions→PCNE Practice Exam 1 — 20 Questions→PCNE Practice Exam 2 — 20 Questions→PCNE Practice Exam 3 — 20 Questions→PCNE Practice Exam 4 — 20 Questions→Free PCNE Practice Test 1 — 30 Questions→Free PCNE Practice Test 2 — 30 Questions→Free PCNE Practice Test 3 — 30 Questions→PCNE Practice Questions 1 — 50 Questions→PCNE Practice Questions 2 — 50 Questions→PCNE Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Designing, planning, and prototyping a GCP networkImplementing hybrid interconnectivityConfiguring network servicesImplementing network securityImplementing a Virtual Private Cloud

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Implementing hybrid interconnectivity setsAll Implementing hybrid interconnectivity questionsPCNE Practice Hub