Back to Google Professional Cloud Network Engineer questions

Scenario-based practice

Drag and Drop Matching Questions

Practise Google Professional Cloud Network Engineer practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

10
scenario questions
PCNE
exam code
Google Cloud
vendor

Scenario guide

How to approach drag and drop matching questions

Matching questions give you two columns — concepts, commands, or protocols on the left, and their definitions or use-cases on the right. You drag each left item to its correct match. These appear on most certification exams and punish superficial memorisation.

Quick answer

Drag and Drop Matching Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related PCNE topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1mediummatching
Full question →

Match each VPC networking concept to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Regional IP range within a VPC

Connection between two VPCs for private IP communication

VPC from one project shared with other projects

Outbound internet access for private instances

Access Google APIs from on-premises or other clouds

Question 2mediummatching
Full question →

Match each Google Cloud networking service to its primary function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Provides outbound connectivity for private instances

Securely connects on-premises to VPC via IPsec

Delivers content from edge caches globally

Translates domain names to IP addresses

Manages service mesh traffic with global load balancing

Question 3mediummatching
Full question →

Match each network troubleshooting command/tool to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Tests basic connectivity to an IP address

Traces the path packets take to a destination

Displays network connections and listening ports

Queries DNS to resolve a hostname

Captures and analyzes network packets

Question 4mediummatching
Full question →

Match each Google Cloud Armor feature to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Pre-configured rules to block common web attacks

Limits requests per client to prevent abuse

Allows or denies traffic from specific IPs

ML-based detection of DDoS and application attacks

Rules attached to backend services or load balancers

Question 5mediummatching
Full question →

Match each Google Cloud interconnect or peering type to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Direct physical connection between on-premises and Google

Connection via a supported service provider

Direct BGP peering between on-premises and Google edge

Peering via a carrier's network

Encrypted tunnel over the internet to your VPC

Question 6mediummatching
Full question →

Match each VPC firewall rule component to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Determines rule evaluation order (lower number = higher priority)

Specifies ingress or egress traffic

Allow or deny matching traffic

Specifies IP ranges or tags for traffic filtering

Selects VM instances to apply the rule

Question 7mediummatching
Open the full BGP breakdown →

Match each Cloud Router BGP attribute to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Unique autonomous system number for the router

MED value to influence inbound traffic

IP address of the BGP peer

ASN of the BGP peer

Time between BGP keepalive messages

Question 8mediummatching
Full question →

Match each network pricing model to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Data leaving Google Cloud to the internet

Data entering Google Cloud (typically free)

Data transferred between regions within Google Cloud

Global network with consistent performance, higher cost

Lower cost, uses ISP networks for some hops

Question 9mediummatching
Read the full DNS explanation →

Match each Cloud DNS record type to its use.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Maps a hostname to an IPv4 address

Maps a hostname to an IPv6 address

Alias of one hostname to another

Specifies mail servers for a domain

Holds arbitrary text, often for verification

Question 10mediummatching
Full question →

Match each Cloud Load Balancing type to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Global, proxy-based, for HTTP/S traffic from internet

Regional, pass-through, for traffic within VPC

Regional, proxy-based, for non-HTTP/S internet traffic

Regional, proxy-based, for internal HTTP/S traffic

Global, terminates SSL, for non-HTTPS SSL traffic

These PCNE practice questions are part of Courseiva's free Google Cloud certification practice question bank. Courseiva provides original exam-style PCNE questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.