Google Cloud Exam Syllabus

Professional Cloud Network Engineer syllabus, skills measured, and exam topics

A Professional Cloud Network Engineer is responsible for the design, implementation, and management of Google Cloud network infrastructure. This includes designing network architectures for high availability, scalability, resiliency, and security. This individual is skilled in

Skills measured by domain

Use the weighting table to decide where to spend the most study time.

Domain Weight
Section 2: Implementing a VPC network 19%
Section 3: Configuring managed network services 16%
Section 5: Managing, monitoring, and troubleshooting network operations 12%

What to know before you study

These sections explain the role, audience, and exam framing behind the outline.

Section 1: Designing and planning a Google Cloud Virtual Private Cloud (VPC) network (~24% of the exam)

  • 1.1 Designing an overall network architecture. Considerations include:
      • Designing for high availability, failover, disaster recovery, and scale.
      • Designing the DNS topology (e.g., on-premises, Cloud DNS).
      • Choosing a load balancer for an application or solution.
      • Designing for hybrid connectivity (e.g., Private Google Access for hybrid connectivity).
      • Planning for Google Kubernetes Engine (GKE) networking (e.g., secondary ranges, scale potential based on IP address space, access to GKE control plane).
      • Planning Identity and Access Management (IAM) roles, including managing IAM roles in a Shared VPC environment.
      • Planning for connectivity to managed services (e.g., private services access, Private Service Connect, Serverless VPC Access).

Detailed outline

Scan each section as a working study checklist instead of one long wall of text.

Section 2: Implementing a VPC network (~19% of the exam)

  • 2.1 Configuring VPCs. Considerations include:
      • Creating Google Cloud VPC resources (e.g., networks, subnets, firewall rules or policies, private services access subnet, private pools).
      • Configuring VPC Network Peering.
      • Creating a Shared VPC network and sharing subnets with other projects.
      • Configuring access to Google APIs and Google-managed services (e.g., Private Google Access, public interfaces).
      • Configuring access to Vertex AI services.
      • Expanding VPC subnet ranges after creation.
      • Configuring restricted Google Cloud services with VPC Service Controls perimeters.
  • 2.2 Configuring VPC routing. Considerations include:
      • Setting up static and dynamic routing (e.g., Cloud Router).

Section 3: Configuring managed network services (~16% of the exam)

  • 3.1 Configuring load balancing. Considerations include:
      • Determining the load balancing solution for your network (internal/external, regional/global, application/proxy/passthrough, etc.).
      • Configuring backend services (e.g., network endpoint groups (NEGs), managed instance groups).
      • Configuring various load balancers and backend settings such as the balancing method, session affinity, serving capacity, URL maps, health checks, and global access.
      • Optimizing for traffic scalability by using autoscaling or manual scaling features.
      • Understanding load balancers in GKE (e.g., GKE Gateway controller, GKE Ingress controller, NEG).
      • Setting up traffic management on Application Load Balancers (e.g., traffic splitting, traffic mirroring, URL rewrites).

Section 4: Configuring and implementing hybrid and multi-cloud network interconnectivity (~15% of the exam)

  • 4.1 Configuring Cloud Interconnect. Considerations include:
      • Creating Dedicated Interconnect connections and configuring VLAN attachments.
      • Creating Partner Interconnect connections, configuring VLAN attachments, and differentiating between Layer2 and Layer3 type Interconnects.
      • Creating Cross-Cloud Interconnect connections and configuring VLAN attachments.
      • Configuring HA VPN over Cloud Interconnect.
      • Implementing 99.9% SLA and 99.99% SLA for Interconnect topologies.
  • 4.2 Configuring a site-to-site IPSec VPN. Considerations include:
      • Configuring HA VPN towards on-premise VPN gateways.
      • Configuring HA VPN towards other Google Cloud VPCs.
      • Configuring Classic VPN (e.g., route-based, policy-based).

Section 5: Managing, monitoring, and troubleshooting network operations (~12% of the exam)

  • 5.1 Logging and monitoring with Google Cloud Observability. Considerations include:
      • Enabling and reviewing Cloud Logging for networking components (e.g., Cloud VPN, Cloud Router, VPC Service Controls, Cloud NGFW, Firewall Insights, VPC Flow Logs, Cloud DNS, Cloud NAT, NCC).
      • Monitoring networking metrics (e.g., Cloud VPN, Cloud Interconnect and VLAN attachments, Cloud Router, load balancers, Google Cloud Armor, Cloud NAT).
  • 5.2 Maintaining and troubleshooting connectivity issues. Considerations include:
      • Draining and redirecting traffic flows with Application Load Balancers.
      • Managing and troubleshooting VPNs.
      • Managing and troubleshooting Cloud Interconnect issues.
      • Troubleshooting Cloud Router BGP peering issues.

Section 6: Configuring, implementing and managing a cloud network security solution (~14% of the exam)

  • 6.1 Configuring Google Cloud Armor policies. Considerations include:
      • Configuring and attaching edge and backend security policies.
      • Implementing web application firewall (WAF) rules (e.g., SQL injection, cross-site scripting, remote file inclusion).