Back to Google Professional Cloud Network Engineer

Google Cloud exam questions

Google Professional Cloud Network Engineer PCNE practice test

Practise questions on cloud computing concepts covering service models, deployment types, and essential characteristics for the PCNE exam.

497
practice questions
5
topics covered
PCNE
exam code
Google Cloud
vendor

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 497 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Start reading →

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Start mock exam →

Study Sheet

All 497 PCNE questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

7 pages · 75 questions per page · 497 total

Related practice questions

Study PCNE by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps. Learn the difference →

Sample questions

Google Professional Cloud Network Engineer practice questions

Start practice test
Question 1hardmultiple choice
Open the full BGP breakdown →

An organization is migrating to Google Cloud and requires connectivity between their on-premises network and VPC. They plan to use Cloud VPN with dynamic routing (BGP). Which VPC feature is required for this setup?

Question 2hardmultiple choice
Read the full DNS explanation →

A company is migrating on-premises DNS to Google Cloud. They have a hybrid network using Cloud VPN and want to resolve on-premises hostnames from Compute Engine instances without custom scripts. Which service should they use?

Question 3easymultiple choice
Open the full BGP breakdown →

A network engineer is configuring a Cloud Router for BGP peering with an on-premises router over a VPN tunnel. The on-premises router uses 169.254.x.x link-local addresses. Which BGP peer IP should the engineer use in the Cloud Router configuration?

Question 4mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Cloud NAT to allow private instances to reach the internet. They notice that egress traffic from Compute Engine VMs is intermittently failing. The VMs are in us-central1-a and use the default VPC network. Cloud NAT is configured with a single NAT IP address. What is the most likely cause?

Match each VPC networking concept to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Regional IP range within a VPC

Connection between two VPCs for private IP communication

VPC from one project shared with other projects

Outbound internet access for private instances

Access Google APIs from on-premises or other clouds

Question 6mediumdrag order
Read the full VPN explanation →

Drag and drop the steps to troubleshoot a VPN tunnel that is not passing traffic into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 7mediummultiple choice
Review the full subnetting walkthrough →

A company has a VPC with subnets in us-east1 and europe-west1. They have deployed a global external HTTP(S) load balancer with backend services in both regions. Users in Europe report high latency. What is the most likely cause?

A company uses an internal TCP/UDP load balancer to distribute traffic to a backend service. The backend instances are in an unmanaged instance group. Some instances fail health checks and are removed. What happens to existing connections to failed instances?

An organization has multiple VPCs in Google Cloud that need to communicate with an on-premises network through a single Dedicated Interconnect. All VPCs are in the same project. What is the most efficient way to enable connectivity from all VPCs to on-premises?

Question 10easymultiple choice
Review the full subnetting walkthrough →

A startup wants to create a VPC with a subnet that can grow automatically as they add more VM instances. Which subnet type should they use?

A company is deploying a multi-tier web application on Google Cloud. The web tier must be accessible from the internet, while the application tier should only be accessible from the web tier. The database tier must not have any public IP addresses. Which VPC design should be used?

Question 12easymultiple choice
Read the full VPN explanation →

A developer created a Compute Engine instance in the default VPC network. The instance needs to communicate with an on-premises server over a Cloud VPN tunnel. The developer configured the VPN tunnel but the instances cannot ping the on-premises server. What is the most likely cause?

Question 13hardmultiple choice
Review the full subnetting walkthrough →

An organization has a VPC with custom mode subnets in us-central1 and europe-west1. They create a VM instance in us-central1 with an internal IP 10.0.1.2 and a VM in europe-west1 with internal IP 10.0.2.2. They want to enable communication between these instances using internal IPs. What must be configured?

A company has deployed a global application on Compute Engine instances in multiple regions. Users are experiencing high latency connecting to the application. The network team wants to use Google Cloud's global network to improve performance. Which approach should they take?

A company is designing a VPC for a production environment that must meet the following requirements: support multiple projects, centralized network administration, and allow each project to have its own firewall rules. Which THREE components should be used?

A company is designing a network for a critical application that requires sub-millisecond latency between two Compute Engine instances. The instances are located in different zones within the same region. Which VPC configuration will provide the lowest latency?

A company has a VPC with multiple subnets. They want to restrict traffic between two subnets (Subnet-A and Subnet-B) using VPC firewall rules. Which THREE conditions must be met for a firewall rule to block traffic from Subnet-A to Subnet-B?

Question 18mediummultiple choice
Open the full BGP breakdown →

Your company has deployed a hybrid cloud environment with a Cloud VPN tunnel between Google Cloud VPC and an on-premises data center. The VPC has a custom mode with subnet 10.0.1.0/24 in us-east1. On-premises uses subnet 192.168.1.0/24. The VPN tunnel is established using dynamic routing (BGP). Both sides advertise the correct prefixes. A Compute Engine VM in the VPC (10.0.1.10) can ping the on-premises gateway (192.168.1.1), but cannot ping a server on-premises (192.168.1.100). The on-premises network team confirms that 192.168.1.100 is reachable from the on-premises gateway. Firewall rules in GCP allow ingress from 192.168.1.0/24 to all VMs. What is the most likely cause?

Question 19mediummulti select
Open the full BGP breakdown →

A company is designing a hybrid network using Dedicated Interconnect. They want to configure BGP for load balancing across multiple VLAN attachments. Which TWO statements are correct?

Question 20hardmultiple choice
Open the full BGP breakdown →

A network engineer configured a Cloud Router with the BGP configuration shown. The on-premises router (AS 64512) is peering with the Cloud Router (AS 65001) over a Dedicated Interconnect VLAN attachment. The engineer notices that traffic from on-premises to Google Cloud is not being routed via this interconnect as expected. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
# Cloud Router BGP configuration
router bgp 65001
 neighbor 169.254.0.1 remote-as 64512
 neighbor 169.254.0.1 ebgp-multihop 2
 neighbor 169.254.0.1 update-source loopback0
 address-family ipv4 unicast
  neighbor 169.254.0.1 route-map SET-MED in
  neighbor 169.254.0.1 route-map SET-LOCAL-PREF out
!
route-map SET-MED permit 10
 set metric 100
!
route-map SET-LOCAL-PREF permit 10
 set local-preference 200
```
Question 21mediummulti select
Read the full VPN explanation →

An organization is using Cloud VPN with dynamic routing and wants to improve failover time between two VPN tunnels. Which THREE configuration changes can help reduce failover time?

Question 22hardmultiple choice
Review the full subnetting walkthrough →

A company has a VPC with multiple subnets. They want to restrict traffic between two specific subnets (10.0.1.0/24 and 10.0.2.0/24) while allowing all other traffic. They create a firewall rule with priority 1000 denying ingress from 10.0.1.0/24 to 10.0.2.0/24. However, traffic is still allowed. What is the most likely reason?

Which TWO considerations are important when designing a VPC peering strategy between multiple projects in Google Cloud?

Question 24hardmultiple choice
Review the full routing breakdown →

You have a Cloud Router with the configuration shown. The on-premises network (ASN 65002) is not receiving any routes from Google Cloud. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
$ gcloud compute routers describe my-router --region us-central1
creationTimestamp: '2023-01-15T10:00:00.000-08:00'
description: Router for on-prem connectivity
id: '1234567890123456789'
kind: compute#router
name: my-router
network: https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default
region: https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1
bgp:
  asn: 65001
  advertiseMode: CUSTOM
  advertisedGroups:
  - ALL_SUBNETS
  advertisedIpRanges:
  - range: 10.0.1.0/24
    description: On-prem subnet
  keepaliveInterval: 20
```

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

Exam question guide

How to use these PCNE questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Tests understanding of cloud service models, deployment types, and characteristics like scalability and elasticity.

IaaS, PaaS, SaaS service model definitions and use cases

Public, private, hybrid cloud deployment distinctions

Key cloud characteristics: on-demand, broad network access

Metered usage and resource pooling concepts

These PCNE practice questions are part of Courseiva's free Google Cloud certification practice question bank. Courseiva provides original exam-style PCNE questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.