Network engineer certification beta exam.
Hello Cloud Gurus,
Back in February, took some time to prepare for and take the Google Cloud- Professional Cloud Network Engineer Beta exam. (that’s a mouthful, so let’s call it PCNE for short). Wanted to share my experience with the community both why I took the exam thru the topics to analyze if you plan to take the exam.
Why did I take this exam?
In the process of searching for ideas for a tutorial course that would interest a acloud.guru type audience, I ran across an email from Google saying the beta test was now live. I thought this will be an excellent way to create a course, start at the beginning and research what training is currently available, take that training and build in the missing pieces via exam experience.
Timeframe to Study:
Made the decision to attempt the exam on January 31st , @~9pm. By 9:30pm, I signed up for the Coursera Networking in Google Cloud Platform Specialization series (3 courses), by 9:50pm, the test was scheduled for February 8th at 9am. ~8 days to prepare.
Had previously used Coursera to prepare for the Google Cloud Architect certification. The first of the 3 courses in the networking track was a repeat, so I didn’t have to take course #1: GCP fundamentals: core infrastructure. It took ~24 hours to complete the remaining two courses: #2 GCP:Defining and implementing networks & #3 GCP Hybrid connectivity and network management.
If you haven’t used Coursera, I highly recommend their GCP courses. The courses are 80% lab work, and they use Qwiklabs as their lab provider. It has been updated, it now shows you your labs progress and has checkpoints along the way. Love it.
If you haven’t tried this service and enjoy learning, your missing out on one of the best hands on labs tools on the market. Qwiklabs is awesome, and you add as many custom services as you like in the given time period.
There are two recommended “Quest”s for GCP networking, #1 Networking in Google Cloud – which covers the basics. The one I chose to complete is the #2 Network performance and Optimization. I completed 4 out of the 7 exercises before the exam, and ran out of credits post exam.
I expected a difficult exam due to the limited preparation. In actuality, the test wasn’t hard difficulty, more of medium. It was the length of the test that was the struggle, four hours sitting in an uncomfortable chair. I pressed submit @ 3:40 minutes, so did use most of the available 4 hours. I finished the exam and was able to review the entire exam again.
Approaching this with the perspective of creating a course on the subject matter. I focused on creating mental models of what GCP wanted the candidates to understand. There were at 3-5 questions that I remember reading time and time again to grasp but they were just unclear.
The other questions were typical GCP question style. Candidate should know know what a service did or does, but also how that services interoperates with GCP as whole. Analyze the scenario and then select the best service for the job with cost in mind.
Facts to know:
Here are the bullet points notes that I created so far. I have notes on the entire process, and hopefully, will start producing an overview/prep course soon.
Failover and Disaster recovery:
setup redundant network connections
on-prem to cloud.
cloud to cloud.
On-prem thru provider to cloud
Dedicated interconnects with multi-path network scenarios
Difference between interconnects and peering
Cloud Router –
Analyze connections between multi-endpoint to single Cloud Router
Multi-endpoint can mean both
Dynamic, Static, Policy based routing
IAM permissions and roles needed to setup the above
How do routes work in shared-vpc
Interconnects – direct versus carrier
Peering – direct versus carrier
Layer 2 versus layer 3 access to GCP
Virtualizing vlan attachments with an interconnect- suing shared/non-shared vpc.
Site to site VPN
Attach only to an LB
Should you modify existing policy or add a new policy config
Setup log only monitoring system (do not block only notify on match)
Understand DDOS cost effective mitigation strategies
What steps do you need to take besides Cloud Armor, scale workloads, etc..
Understand firewall ingress and egress rules
Setup and utilize logs for firewall rules
Where do you view logs for deny, allow rules?
Setting network priority 0-XXX on firewall rules
What are the min/max values
How to add new rules with existing, (priority to assign)
Types of LB, and services they offer
SSL cer: , installation, setup, replace on LB
Migration strategies from on-prem to Cloud DNS
How to add a domain to cloud dns
Loading BIND files and understand security domains
Error and troubleshooting, where to look to proceed?
Interoperating on-prem dns with GCP
DNS Security, what happens if you disable? Upstream at the registrar?
Content Delivery Network (CDN)
How to setup a CDN from LB or Bucket
Clearing cache content
Using clusters in shared VPC networking
Know how to setup customer CIDR ranges for kubernetes deployments
Customize K8s networking: subnetworks with IP range allocation for pods, nodes and master isolation.
Set an load balancer in front of Kubernetes, set GKD ingress rules.
Shared VPC vs. standalone VPC
Using interconnects for both options
“Host” network vs. “Services” Network
Setup direct interconnect, cloud routers, and VPC networking
Google Private Services
Accessing from an internal IP address
Accessing from a On-Prem/Corporate network
How are these services available by default
Between separate organizations
IP overlap requirements
Connections between on-prem and GCP
Connection between VPCs
Connections between seperate companies in GCP
How are they used
In a VPC
That’s all for now, Keep being awesome Cloud Guru’s,
Great study notes! Thanks for posting this, Karlos!