PCNE · topic practice

Designing, planning, and prototyping a GCP network practice questions

Practise Google Professional Cloud Network Engineer Designing, planning, and prototyping a GCP network practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Designing, planning, and prototyping a GCP network

What the exam tests

What to know about Designing, planning, and prototyping a GCP network

Designing, planning, and prototyping a GCP network questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Designing, planning, and prototyping a GCP network exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Designing, planning, and prototyping a GCP network questions

20 questions · select your answer, then reveal the explanation

Your company is deploying a multi-tier web application on Google Kubernetes Engine (GKE) with a regional cluster. You need to design network policies to allow traffic only from the frontend pods to the backend pods on port 8080. Which of the following is the most secure and recommended approach?

A company is designing a hybrid connectivity solution between an on-premises data center and Google Cloud. They have a high bandwidth requirement of 20 Gbps and need a service level agreement (SLA) of 99.99% availability. Which connectivity option should they choose?

A network engineer needs to design a VPC network for a global application that will have Compute Engine instances in multiple regions. The instances need to communicate with each other using internal IP addresses. What is the simplest way to enable this communication?

Which TWO of the following are valid methods to reduce latency between users in Europe and a GCP-hosted application?

Which THREE of the following are requirements for implementing a Global External HTTP(S) Load Balancer with an external backend?

Question 6hardmultiple choice
Review the full subnetting walkthrough →

A network engineer is troubleshooting connectivity from a Compute Engine instance in subnet-a to a Google Cloud Storage bucket. The instance has no external IP address. Based on the exhibit, what is the most likely cause of the connectivity issue?

Exhibit

Refer to the exhibit.

```
gcloud compute networks subnets describe subnet-a --region us-central1
creationTimestamp: '2024-01-15T10:00:00.000-08:00'
description: ''
enableFlowLogs: false
gatewayAddress: 10.0.0.1
id: '123456789'
ipCidrRange: 10.0.0.0/24
kind: compute#subnetwork
logConfig: null
name: subnet-a
network: https://www.googleapis.com/compute/v1/projects/my-project/global/networks/vpc-1
privateIpGoogleAccess: false
purpose: PRIVATE
region: https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1
role: null
secondaryIpRanges: []
selfLink: https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/subnetworks/subnet-a
state: READY
```
Question 7easymultiple choice
Open the full BGP breakdown →

Based on the exhibit, what is the purpose of Cloud Router's BGP configuration?

Exhibit

Refer to the exhibit.

```
Resource: Cloud Router
Name: router-1
Region: us-central1
Network: vpc-1
BGP: Autonomous System Number (ASN): 65001
Advertised IP ranges: 10.0.0.0/16
BGP sessions:
  - peer: on-prem-router
    peer ASN: 65002
    peer IP: 192.168.1.1
    Cloud Router IP: 169.254.0.1
    Advertised route priority: 100
    Status: Established

On-premises router BGP table:
  Network          Next Hop        Metric
  10.0.0.0/16      169.254.0.1     0
  0.0.0.0/0        192.168.1.1     0
```
Question 8hardmultiple choice
Open the full BGP breakdown →

A company has a VPC with subnets in us-east1 and europe-west1. They have a Compute Engine instance in us-east1 with an internal IP 10.0.1.2. They need to allow SSH (port 22) from a specific on-premises IP 203.0.113.5 via Cloud VPN. The Cloud VPN tunnel uses a Cloud Router with BGP. The on-premises network advertises the route for 203.0.113.5/32 to the Cloud Router. Which firewall rule must be created?

A company is deploying an internal load balancer (ILB) in a VPC to distribute traffic among backend instances in a managed instance group. The ILB should only be accessible from within the VPC. Which of the following is a required step when configuring the ILB?

A company is designing a hybrid network architecture to connect their on-premises data center to Google Cloud. They need high availability and bandwidth up to 10 Gbps. Which connectivity option should they choose?

Question 11easymultiple choice
Review the full subnetting walkthrough →

A network engineer is designing a VPC in Google Cloud with multiple subnets across different regions. The application requires low-latency communication between instances in the same region but not across regions. Which VPC network configuration should be used?

An organization wants to implement a hub-and-spoke network topology in Google Cloud using VPC Network Peering. The hub VPC hosts shared services and the spoke VPCs host application workloads. They need to ensure that spokes can communicate with each other through the hub. Which additional configuration is required?

Question 13mediummultiple choice
Open the full BGP breakdown →

A company is planning to migrate their on-premises application to Google Cloud. The application requires consistent high bandwidth and low latency to on-premises databases. They have a Dedicated Interconnect connection with a 10 Gbps link. To improve availability, they decide to add a second Interconnect connection. Which of the following is a best practice for configuring BGP sessions?

A network engineer is designing a Google Cloud network for a financial services company that requires strict compliance with PCI DSS. They need to isolate development, staging, and production environments. Which approach should they use to meet these requirements?

Which TWO factors should be considered when selecting a Google Cloud region for deploying a globally distributed application to minimize latency for users?

Question 16mediummulti select
Open the full BGP breakdown →

Which THREE components are required to set up a Cloud VPN with dynamic routing (BGP) between an on-premises network and Google Cloud?

Question 17mediummultiple choice
Read the full VPN explanation →

A company is designing a hybrid network between their on-premises data center and Google Cloud. They need high availability for traffic between the two environments and want to use Cloud VPN with dynamic routing. Which configuration ensures that if one VPN tunnel fails, traffic automatically fails over to the other tunnel without manual intervention?

A company has deployed a Global External HTTP(S) Load Balancer with a backend service that points to an instance group in us-central1. The load balancer's frontend uses a reserved static external IP address. Users in Europe report high latency, while users in Asia cannot reach the application at all. The application works fine when accessed directly via the instance group's internal IPs from within us-central1. Which action should be taken to resolve the issue?

A company wants to connect two VPC networks (vpc-a and vpc-b) that both reside in the same Google Cloud project. They need to ensure that all IP ranges in both VPCs can communicate using internal private IP addresses. Which solution should they implement?

Question 20hardmultiple choice
Open the full BGP breakdown →

You run the command shown in the exhibit. Your on-premises network is connected to your VPC via a Cloud Router with two BGP sessions. You notice that your on-premises network receives routes for only the two custom IP ranges (10.0.1.0/24 and 10.0.2.0/24) but not for other subnets in the VPC. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
# gcloud compute routers describe my-router --region us-central1
bgp:
  advertiseMode: CUSTOM
  advertisedGroups:
  - ALL_SUBNETS
  advertisedIpRanges:
  - range: 10.0.1.0/24
  - range: 10.0.2.0/24
bgpPeers:
- interfaceName: if-0
  ipAddress: 169.254.0.1
  peerIpAddress: 169.254.0.2
  peerAsn: 65001
  advertisedRoutePriority: 100
- interfaceName: if-1
  ipAddress: 169.254.1.1
  peerIpAddress: 169.254.1.2
  peerAsn: 65001
  advertisedRoutePriority: 100
```

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Designing, planning, and prototyping a GCP network sessions

Start a Designing, planning, and prototyping a GCP network only practice session

Every question in these sessions is drawn from the Designing, planning, and prototyping a GCP network domain — nothing else.

Related practice questions

Related PCNE topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the PCNE exam test about Designing, planning, and prototyping a GCP network?
Designing, planning, and prototyping a GCP network questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Designing, planning, and prototyping a GCP network questions in a focused session?
Yes — the session launcher on this page draws every question from the Designing, planning, and prototyping a GCP network domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other PCNE topics?
Use the topic links above to move to related areas, or go back to the PCNE question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the PCNE exam covers. They are not copied from any real exam or dump site.