PCNE · topic practice

Configuring network services practice questions

Practise identifying, configuring, and troubleshooting core network services like DNS, DHCP, NAT, and NTP for the PCNE exam.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Configuring network services

What the exam tests

What to know about Configuring network services

Tests your knowledge of DNS, DHCP, NAT, and other network services configuration and troubleshooting.

DNS record types and resolution process

DHCP lease, scope, and reservation configuration

NAT and PAT for IP address translation

Network time protocol (NTP) synchronization

Why learners struggle

Why Configuring network services questions are commonly missed

Network services questions are commonly missed because candidates confuse protocol roles and port numbers. The overlap between DNS, DHCP, and NAT functions creates specific mix-ups.

  • ·DNS vs DHCP — name resolution vs IP assignment
  • ·NAT vs PAT — address vs port translation
  • ·DHCP scope vs reservation — dynamic vs static
  • ·DNS A vs AAAA — IPv4 vs IPv6 records
  • ·NTP vs SNTP — accuracy vs simplicity
  • ·DHCP relay vs DHCP server — forwarding vs providing

Watch out for

Common Configuring network services exam traps

  • Confusing DNS A record with CNAME for hostname mapping
  • Thinking DHCP assigns static IPs instead of dynamic leases
  • Mixing up NAT and PAT port vs address translation
  • Assuming NTP only syncs time once, not periodically

Practice set

Configuring network services questions

20 questions · select your answer, then reveal the explanation

A company has deployed a Global External Application Load Balancer with Premium Tier and enables Cloud CDN. Users in Europe report high latency, while users in the US have good performance. The backend is a regional NEG in us-west1. What is the most likely cause?

Question 2hardmultiple choice
Read the full DNS explanation →

A company is migrating on-premises DNS to Google Cloud. They have a hybrid network using Cloud VPN and want to resolve on-premises hostnames from Compute Engine instances without custom scripts. Which service should they use?

Question 3easymultiple choice
Open the full BGP breakdown →

A network engineer is configuring a Cloud Router for BGP peering with an on-premises router over a VPN tunnel. The on-premises router uses 169.254.x.x link-local addresses. Which BGP peer IP should the engineer use in the Cloud Router configuration?

A company uses an internal TCP/UDP load balancer to distribute traffic to a backend service. The backend instances are in an unmanaged instance group. Some instances fail health checks and are removed. What happens to existing connections to failed instances?

Question 5hardmultiple choice
Review the full subnetting walkthrough →

A company has a VPC with subnets in us-central1 and europe-west1. They create a Private Service Connect endpoint for a managed service in us-central1. Can Compute Engine instances in europe-west1 access the endpoint?

Question 6mediummulti select
Open the full BGP breakdown →

A company is designing a hybrid network using Dedicated Interconnect. They want to configure BGP for load balancing across multiple VLAN attachments. Which TWO statements are correct?

Question 7hardmulti select
Read the full NAT/PAT explanation →

A company is using Cloud NAT to allow private instances to access the internet. They notice that some instances are not able to reach certain external services. Which THREE steps should they take to troubleshoot?

Question 8mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Cloud NAT to allow private instances to reach the internet. They notice that egress traffic from Compute Engine VMs is intermittently failing. The VMs are in us-central1-a and use the default VPC network. Cloud NAT is configured with a single NAT IP address. What is the most likely cause?

A large enterprise is migrating to Google Cloud and needs to establish connectivity between on-premises and VPCs in two different regions (us-east1 and europe-west1). They have a single Partner Interconnect connection at a co-location facility in New York. They want to use the same interconnect for both regions. Which configuration should they use?

Question 10easymultiple choice
Read the full DNS explanation →

A company is using Cloud DNS for private zone resolution within their VPC. They have a private zone for 'example.internal' and have attached it to the VPC. When they create a new Compute Engine VM and try to resolve 'myapp.example.internal', it fails. What is the most likely cause?

Question 11hardmultiple choice
Review the full routing breakdown →

You have a Cloud Router with the configuration shown. The on-premises network (ASN 65002) is not receiving any routes from Google Cloud. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
$ gcloud compute routers describe my-router --region us-central1
creationTimestamp: '2023-01-15T10:00:00.000-08:00'
description: Router for on-prem connectivity
id: '1234567890123456789'
kind: compute#router
name: my-router
network: https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default
region: https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1
bgp:
  asn: 65001
  advertiseMode: CUSTOM
  advertisedGroups:
  - ALL_SUBNETS
  advertisedIpRanges:
  - range: 10.0.1.0/24
    description: On-prem subnet
  keepaliveInterval: 20
```
Question 12mediummultiple choice
Review the full subnetting walkthrough →

A company has a VPC with subnets in us-east1 and europe-west1. They have deployed a global external HTTP(S) load balancer with backend services in both regions. Users in Europe report high latency. What is the most likely cause?

Which TWO considerations are important when designing a VPC peering strategy between multiple projects in Google Cloud?

Which THREE actions should you take to secure a VPC that hosts public-facing web applications?

Question 15hardmultiple choice
Review the full subnetting walkthrough →

A company has a VPC with multiple subnets. They want to restrict traffic between two specific subnets (10.0.1.0/24 and 10.0.2.0/24) while allowing all other traffic. They create a firewall rule with priority 1000 denying ingress from 10.0.1.0/24 to 10.0.2.0/24. However, traffic is still allowed. What is the most likely reason?

Your company runs a multi-tier web application on Google Cloud. The frontend is in us-central1 (3 instances behind an external HTTP(S) Load Balancer), the backend is in us-west1 (3 instances behind an internal TCP/UDP Load Balancer). The frontend instances are in a managed instance group (MIG) with autoscaling based on CPU utilization. Recently, you noticed that during traffic spikes, the frontend instances' CPU utilization remains low, but the backend instances' CPU utilization spikes to 90% and causes timeouts. The application uses a synchronous REST API; the frontend instances make requests to the internal load balancer's IP. What should you do to resolve the backend scaling issue?

Question 17mediummultiple choice
Open the full BGP breakdown →

Your company has deployed a hybrid cloud environment with a Cloud VPN tunnel between Google Cloud VPC and an on-premises data center. The VPC has a custom mode with subnet 10.0.1.0/24 in us-east1. On-premises uses subnet 192.168.1.0/24. The VPN tunnel is established using dynamic routing (BGP). Both sides advertise the correct prefixes. A Compute Engine VM in the VPC (10.0.1.10) can ping the on-premises gateway (192.168.1.1), but cannot ping a server on-premises (192.168.1.100). The on-premises network team confirms that 192.168.1.100 is reachable from the on-premises gateway. Firewall rules in GCP allow ingress from 192.168.1.0/24 to all VMs. What is the most likely cause?

A company is deploying a global application on Google Cloud using Cloud Load Balancing. They want to serve traffic from multiple regions and require the lowest possible latency for users worldwide. The application serves HTTP traffic and uses a static IP address. Which load balancing solution should they use?

Question 19hardmulti select
Read the full NAT/PAT explanation →

A company uses Cloud NAT to enable outbound internet access for private instances in a VPC. They notice that some instances are unable to connect to external services, while others can. The network team has verified that all instances have the same tags and are in the same subnet. Which TWO actions should the team take to troubleshoot the issue?

Question 20easymultiple choice
Read the full NAT/PAT explanation →

An engineer creates a Cloud NAT configuration as shown in the exhibit. The test-instance is created without an external IP address. However, the instance cannot reach the internet. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
gcloud compute routers create nat-router \
    --network=my-vpc \
    --region=us-central1

gcloud compute routers nats create nat-config \
    --router=nat-router \
    --region=us-central1 \
    --nat-external-ip-pool=ip-address-1 \
    --nat-all-subnet-ip-ranges \
    --enable-logging

gcloud compute instances create test-instance \
    --zone=us-central1-a \
    --network=my-vpc \
    --subnet=subnet-a \
    --no-address
```

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Configuring network services sessions

Start a Configuring network services only practice session

Every question in these sessions is drawn from the Configuring network services domain — nothing else.

Related practice questions

Related PCNE topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the PCNE exam test about Configuring network services?
Tests your knowledge of DNS, DHCP, NAT, and other network services configuration and troubleshooting.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Configuring network services questions in a focused session?
Yes — the session launcher on this page draws every question from the Configuring network services domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other PCNE topics?
Use the topic links above to move to related areas, or go back to the PCNE question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the PCNE exam covers. They are not copied from any real exam or dump site.