20+ practice questions focused on Configuring network services — one of the most tested topics on the Google Professional Cloud Network Engineer exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start Configuring network services PracticeA company has deployed a Global External Application Load Balancer with Premium Tier and enables Cloud CDN. Users in Europe report high latency, while users in the US have good performance. The backend is a regional NEG in us-west1. What is the most likely cause?
Explanation: Option D is correct because Cloud CDN cannot cache responses that include a 'Cache-Control: private' header. This header instructs intermediate caches (including CDN nodes) not to store the response, forcing all requests to go to the origin server in us-west1. Users in Europe experience high latency because their requests must traverse the long distance to the US origin, while US users benefit from shorter paths. Enabling Cloud CDN alone does not guarantee caching; the origin must also allow caching by omitting 'private' or setting appropriate 'Cache-Control: public' and 'max-age' directives.
A company is migrating on-premises DNS to Google Cloud. They have a hybrid network using Cloud VPN and want to resolve on-premises hostnames from Compute Engine instances without custom scripts. Which service should they use?
Explanation: Cloud DNS inbound server policy allows on-premises DNS servers to receive DNS queries from Compute Engine instances by creating a VPC-scoped policy that forwards queries to the IP addresses of on-premises DNS resolvers over Cloud VPN. This enables hybrid name resolution without custom scripts, as the policy automatically handles the forwarding of DNS requests from Google Cloud resources to the on-premises DNS infrastructure.
A network engineer is configuring a Cloud Router for BGP peering with an on-premises router over a VPN tunnel. The on-premises router uses 169.254.x.x link-local addresses. Which BGP peer IP should the engineer use in the Cloud Router configuration?
Explanation: The correct BGP peer IP is 169.254.0.1 because Cloud Router uses the first IP in the 169.254.0.0/16 link-local range for BGP peering over a VPN tunnel. This is required by Google Cloud's implementation, where the on-premises router must use a link-local address from the 169.254.0.0/16 range, and Cloud Router automatically assigns 169.254.0.1 as its own BGP peer IP. The on-premises router typically uses 169.254.0.2 as its BGP peer IP, ensuring a point-to-point link-local BGP session.
A company uses an internal TCP/UDP load balancer to distribute traffic to a backend service. The backend instances are in an unmanaged instance group. Some instances fail health checks and are removed. What happens to existing connections to failed instances?
Explanation: When an instance in an unmanaged instance group fails a health check, the internal TCP/UDP load balancer immediately terminates all existing connections to that instance. This is because the load balancer does not support connection draining for unmanaged instance groups; it simply stops forwarding new traffic and drops existing flows to the failed instance. The abrupt termination occurs because the load balancer operates at Layer 4 and has no mechanism to gracefully close TCP connections or wait for application-level cleanup.
A company has a VPC with subnets in us-central1 and europe-west1. They create a Private Service Connect endpoint for a managed service in us-central1. Can Compute Engine instances in europe-west1 access the endpoint?
Explanation: Private Service Connect (PSC) endpoints are regional resources. An endpoint created in us-central1 is only accessible from Compute Engine instances within the same region (us-central1) of the VPC. Instances in europe-west1 cannot directly reach the endpoint because traffic would need to cross regional boundaries, which PSC does not support for producer endpoints. Option D correctly identifies this regional restriction.
+15 more Configuring network services questions available
Practice all Configuring network services questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Configuring network services. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Configuring network services questions on the PCNE frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Configuring network services is tested as part of the Google Professional Cloud Network Engineer blueprint. Practicing with targeted Configuring network services questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free PCNE practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Configuring network services is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Configuring network services practice session with instant scoring and detailed explanations.
Start Configuring network services Practice →