Google Certified Associate Cloud Engineer 2020

Sign Up Free or Log In to participate!

GCP- Certified Network Engineer Beta exam: Review and Study list

Network engineer certification beta exam.

Hello Cloud Gurus,

Back in February, took some time to prepare for and take the Google Cloud- Professional Cloud Network Engineer Beta exam. (that’s a mouthful, so let’s call it PCNE for short). Wanted to share my experience with the community both why I took the exam thru the topics to analyze if you plan to take the exam.

Why did I take this exam?

In the process of searching for ideas for a tutorial course that would interest a type audience, I ran across an email from Google saying the beta test was now live. I thought this will be an excellent way to create a course, start at the beginning and research what training is currently available, take that training and build in the missing pieces via exam experience.

Timeframe to Study:

Made the decision to attempt the exam on January 31st , @~9pm. By 9:30pm, I signed up for the Coursera Networking in Google Cloud Platform Specialization series (3 courses), by 9:50pm, the test was scheduled for February 8th at 9am. ~8 days to prepare.

Coursera Courses:

Had previously used Coursera to prepare for the Google Cloud Architect certification. The first of the 3 courses in the networking track was a repeat, so I didn’t have to take course #1: GCP fundamentals: core infrastructure. It took ~24 hours to complete the remaining two courses: #2 GCP:Defining and implementing networks & #3 GCP Hybrid connectivity and network management.

If you haven’t used Coursera, I highly recommend their GCP courses. The courses are 80% lab work, and they use Qwiklabs as their lab provider. It has been updated, it now shows you your labs progress and has checkpoints along the way. Love it.


If you haven’t tried this service and enjoy learning, your missing out on one of the best hands on labs tools on the market. Qwiklabs is awesome, and you add as many custom services as you like in the given time period.

There are two recommended “Quest”s for GCP networking, #1 Networking in Google Cloud – which covers the basics. The one I chose to complete is the #2 Network performance and Optimization. I completed 4 out of the 7 exercises before the exam, and ran out of credits post exam.


I expected a difficult exam due to the limited preparation. In actuality, the test wasn’t hard difficulty, more of medium. It was the length of the test that was the struggle, four hours sitting in an uncomfortable chair. I pressed submit @ 3:40 minutes, so did use most of the available 4 hours. I finished the exam and was able to review the entire exam again.

Approaching this with the perspective of creating a course on the subject matter. I focused on creating mental models of what GCP wanted the candidates to understand. There were at 3-5 questions that I remember reading time and time again to grasp but they were just unclear.

The other questions were typical GCP question style. Candidate should know know what a service did or does, but also how that services interoperates with GCP as whole. Analyze the scenario and then select the best service for the job with cost in mind.

Facts to know:

Here are the bullet points notes that I created so far. I have notes on the entire process, and hopefully, will start producing an overview/prep course soon.

Failover and Disaster recovery:

     setup redundant network connections

          on-prem to cloud.

         cloud to cloud.

         On-prem thru provider to cloud

   Dedicated interconnects with multi-path network scenarios

   Difference between interconnects and peering

Cloud Router –

     Analyze connections between multi-endpoint to single Cloud Router

     Multi-endpoint can mean both

            Single site

           Multiple sites

    Dynamic, Static, Policy based routing

    IAM permissions and roles needed to setup the above

    How do routes work in shared-vpc

Hybrid Connectivity


         Cloud VPN

        Cloud Router

     Interconnects – direct versus carrier

    Peering – direct versus carrier

    Layer 2 versus layer 3 access to GCP

    Virtualizing vlan attachments with an interconnect- suing shared/non-shared vpc.

   Site to site VPN

Cloud Armor

     Attach only to an LB

     Should you modify existing policy or add a new policy config

     Setup log only monitoring system (do not block only notify on match)

    Understand DDOS cost effective mitigation strategies

    What steps do you need to take besides Cloud Armor, scale workloads, etc..

Firewall Rules

    Understand firewall ingress and egress rules

    Setup and utilize logs for firewall rules

   Where do you view logs for deny, allow rules?

   Setting network priority 0-XXX on firewall rules

         What are the min/max values

       How to add new rules with existing, (priority to assign)

Load Balancer

     Types of LB, and services they offer

        Session affinity

       IPv6 support

      URL Mappings

      Health Checks

      SSL cer: , installation, setup, replace on LB

Cloud DNS

     Migration strategies from on-prem to Cloud DNS

     How to add a domain to cloud dns

     Loading BIND files and understand security domains

     Error and troubleshooting, where to look to proceed?

     Interoperating on-prem dns with GCP

    DNS Security, what happens if you disable? Upstream at the registrar?

Content Delivery Network (CDN)

     How to setup a CDN from LB or Bucket

    Clearing cache content

    Cache invalidation

Kubernetes Networking

      Using clusters in shared VPC networking

      Know how to setup customer CIDR ranges for kubernetes deployments

      Customize K8s networking: subnetworks with IP range allocation for pods, nodes and master isolation.

      Set an load balancer in front of Kubernetes, set GKD ingress rules.

Shared VPC vs. standalone VPC

     Using interconnects for both options

    “Host” network vs. “Services” Network

      Setup direct interconnect, cloud routers, and VPC networking

Google Private Services

     Accessing from an internal IP address

     Accessing from a On-Prem/Corporate network

     How are these services available by default

VPC Peering

     Between separate organizations

    Separate companies

    Shared VPC

    IP overlap requirements

Cloud NAT

    Connections between on-prem and GCP

     Connection between VPCs

     Connections between seperate companies in GCP

Alias IP’s

     How are they used

       In kubernetes

        In a VPC

       In subnetworks

That’s all for now, Keep being awesome Cloud Guru’s,


1 Answers

Great study notes! Thanks for posting this, Karlos!

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?