Pro Network Engineer Cert

Question 1

What are the three types of networks?

Answer 1

Default , auto, and custom

Question 2

What is the default network?

Answer 2

It is an auto-mode network with one subnet per region, fixed /20 per region, expandable to /16. Comes with default firewall rules.

Question 3

What is an auto-mode network?

Answer 3

One subnet per region, fixed /20 per region, expandable to /16. Regional IP allocation.

Question 4

What is a custom network?

Answer 4

No default subnets created, full control of IP ranges, regional IP allocation, expandable to any RFC 1918 size

Question 5

Are subnets zonal or regional or global?

Answer 5

They are regional - one subnet can span multiple zones

Question 6

What is the first available address in a subnet? What are the ones before it for?

Answer 6

.0 is for the network, .1 is for the gateway, so .2 is the first available

Question 7

Does a VM know its external address?

Answer 7

No

Question 8

Are public DNS records published automatically?

Answer 8

Nope

Question 9

What is the SLA for Cloud DNS?

Answer 9

100%

Question 10

How do you assign multiple IP addresses to a VM? Why would you do this?

Answer 10

Can assign multiple through multiple NICs. You can use this to bridge multiple networks or have management network.

Question 11

How do you assign a range of IP addresses to a VM? Why would you do this?

Answer 11

Can assign a range through alias IPs. Can assign range for giving services (i.e. containers) their own IP addresses.

Question 12

What is default routing?

Answer 12

Every network has a default route to get out of the network. Routes default to get to the other subnets as well.

Question 13

Where are firewall rules applied?

Answer 13

At the instance level

Question 14

Are firewall rules stateful?

Answer 14

Yes

Question 15

What are the default firewall rules?

Answer 15

DENY ALL ingress and ALLOW ALL egress

Question 16

How many NICs can a VM have?

Answer 16

At least 2. After 2, it’s the number of CPUs until 8. Max is 8.

Question 17

When can you add, change, or delete multiple NICs?

Answer 17

Only at instance creation

Question 18

Which NIC does internal DNS associate to?

Answer 18

nic0

Question 19

What are the restrictions for IPs/networks for multiple NICs

Answer 19

Each NIC is on a different network, IP ranges cannot overlap at all, networks must already exist before being configured

Question 20

What are the basic roles for networking? What can they do?

Answer 20

Network viewer - read-only access to all networking
Network admin - permissions to create/modify/delete except for firewall rules and SSL certs
Security admin - can create/modify/delete SSL certs and firewall rules

Question 21

What can you specify for targets with firewall rules?

Answer 21

All instances, specified target tags, specified service accounts

Question 22

What can you specify for sources with firewall rules?

Answer 22

IP ranges, subnets, source tags, and service accounts

Question 23

What three roles are needed to provision and manage a shared VPC?

Answer 23

Org admin -> Shared VPC Admin -> Service Project Admin

Question 24

Is transitive peering supported?

Answer 24

Nope

Question 25

What is the advantage of shared VPC over VPC network peering?

Answer 25

Centralized network admin, simplifies internal DNS

Question 26

What is the advantage of VPC network peering over shared VPC?

Answer 26

Can be used across orgs, multiple projects, or within a single project. Decentralized network admin if you like that. Quotas aren’t used as quickly if you can use multiple projects.

Question 27

Can you peer with a shared VPC?

Answer 27

Yes

Question 28

How are DNS names handled across VPC peering?

Answer 28

DNS names are NOT transferred across with VPC peering

Question 29

What policies are available for autoscaling a managed instance group?

Answer 29

CPU utilization, load balancing capacity, monitoring metrics, and queue-based workloads

Question 30

What are the global load balancing services?

Answer 30

HTTP(s) Load Balancer, TCP Proxy, and SSL Proxy

Question 31

What are the regional load balancing services?

Answer 31

Network TCP/UDP load balancer, internal load TCP/UDP load balancing

Question 32

Where is IPv6 supported?

Answer 32

HTTP(s) Load Balancer, TCP Proxy, and SSL Proxy

Question 33

What are the key features of a global HTTP(s) load balancer?

Answer 33

Global load balancing, anycast IP, does auto-scaling, can have backend services with health chekcs, session affinity (with timeouts), and one-or-more backends

Question 34

What three things does a backend need to be configured?

Answer 34

An instance group, a balancing mode (CPU or RPS), and a capacity scaler (ceiling % of CPU/rate targets)

Question 35

What is cloud armor?

Answer 35

Protects load balancers from DDOS, can blacklist or whitelist IPs, can configure the deny rule, can set priority to rules

Question 36

What are the key features of an SSL proxy?

Answer 36

Global load balancing for encrypted, non-HTTP traffic, terminates SSL, can do intelligent routing and certificate management, auto security patching

Question 37

What are the key features of a TCP proxy?

Answer 37

Global load balancing for non-encrypted, non-HTTP traffic, terminates TCP connections, intelligent routing and security patching

Question 38

What are the key features of a network load balancer?

Answer 38

Regional load balancing for TCP/UDP (non-proxied), forwarding rules, has instance groups and target pools

Question 39

What are the key features of an ILB

Answer 39

Similar to NLB but internal, has fully distributed software defined load balancing

Question 40

How do L2 connections connect to GCP?

Answer 40

They connect a VLAN to a specific GCP network

Question 41

What routing does a VPN support?

Answer 41

Static routing or dynamic routes via BGP with a cloud router

Question 42

What is the VPN gateway?

Answer 42

A regional resource that uses external IP address

Question 43

Are any other IPs needed for a VPN setup?

Answer 43

Need to add separate link-local IP address to establish BGP for dynamic routing

Question 44

What are the SLAs for dedicated interconnect?

Answer 44

99.9% for single connection, 99.99% for double in different regions

Question 45

What is direct peering?

Answer 45

Direct connection to Google for access to Google services (non-customer GCP)

Question 46

What do you do if you cannot meet the peering requirements?

Answer 46

Partner peering

Question 47

What is the SLA for peering?

Answer 47

None

Question 48

When are you charged for networking?

Answer 48

Egress to anything out of the zone/region but within-region and global Google products

Question 49

What sacrifices are made for the standard network tier?

Answer 49

No global load balancing, no global SLA, more network hops because it doesn’t use GCPs backbone

Question 50

What is private Google access?

Answer 50

VMs with only private IPs can still access Google services (like storage buckets), granted at the subnet level

Question 51

What is the benefit of cloud NAT over traditional NAT?

Answer 51

It has 1 fewer hop because it’s software defined at the instance level

Question 52

What is manual mode vs auto mode for the NAT?

Answer 52

Manually specify IPs for full control or automatically do it with auto-scaling

Question 53

How do you prevent deployment manager from deploying sequential things in parallel?

Answer 53

Add a reference to the previous step in the next step

Question 54

What are VPC Flow Logs?

Answer 54

A sample of logs flowing to/from VMs on the network, sampled every 5 seconds with no latency hit, enabled at the subnet

Question 55

What is included in the VPC flow log?

Answer 55

IPs/ports/protocol, plus start/end times, bytes, instance details, vpc details, geography