Google Cloud Exam Syllabus

Professional Cloud Network Engineer syllabus, skills measured, and exam topics

A Professional Cloud Network Engineer is responsible for the design, implementation, and management of Google Cloud network infrastructure. This includes designing network architectures for high availability, scalability, resiliency, and security. This individual is skilled in

Skills measured by domain

Use the weighting table to decide where to spend the most study time.

Domain Weight
Section 1: Designing and planning a Google Cloud VPC network 21%
Section 2: Implementing a VPC network 20%
Section 3: Configuring managed network services 16%
Section 5: Managing, monitoring, and troubleshooting network operations 14%

Detailed outline

Scan each section as a working study checklist instead of one long wall of text.

Section 1: Designing and planning a Google Cloud VPC network (~21% of the exam)

  • 1.1 Designing an overall network architecture. Considerations include:
  • Differentiating between network tiers (e.g., Premium and Standard).
  • Designing for high availability, failover, disaster recovery, and scale.
  • Designing the DNS topology (e.g., on-premises and Cloud DNS).
  • Choosing an appropriate load balancer for network implementation.
  • Planning for Google Kubernetes Engine (GKE) networking (e.g., secondary ranges, scale potential based on IP address space, and access to GKE control plane).
  • Identifying the most appropriate Identity and Access Management (IAM) roles suited to specific network architecture designs (e.g., load balancer provisioning and Shared VPC subnet permissions).
  • Planning for connectivity to managed services (e.g., private services access, Private Service Connect [PSC], and Serverless VPC Access).

Section 2: Implementing a VPC network (~20% of the exam)

  • 2.1 Configuring VPCs. Considerations include:
  • Creating Google Cloud VPC resources (e.g., networks, subnets, firewall rules or policies, private services access subnet, and private pools).
  • Configuring VPC Network Peering.
  • Creating a Shared VPC network and sharing subnets with other projects.
  • Assigning the correct IAM permissions to use Shared VPC subnets from service projects.
  • Configuring access to Google APIs and Google-managed services (e.g., Private Google Access and public interfaces).
  • Expanding VPC subnet ranges after creation.
  • Configuring restricted Google Cloud services with VPC Service Controls perimeters.
  • 2.2 Configuring VPC routing. Considerations include:

Section 3: Configuring managed network services (~16% of the exam)

  • 3.1 Configuring load balancing. Considerations include:
  • Determining the load balancing solution for your network (internal/external, regional/global, application/proxy/passthrough, etc.).
  • Configuring backend services, including autoscaling (e.g., network endpoint groups [NEGs] and managed instance groups).
  • Configuring various load balancers and backend settings, such as the balancing method, session affinity, serving capacity, URL maps, health checks, and global access.
  • Understanding load balancers in GKE (e.g., GKE Gateway controller, GKE Ingress controller, and NEGs).
  • Setting up traffic management on Application Load Balancer (e.g., traffic splitting, traffic mirroring, and URL rewrites).
  • 3.2 Configuring Cloud CDN. Considerations include:

Section 4: Configuring and implementing hybrid and multicloud network interconnectivity (~16% of the exam)

  • 4.1 Configuring Cloud Interconnect. Considerations include:
  • Creating Dedicated Interconnect connections and configuring VLAN attachments.
  • Creating Partner Interconnect connections, configuring VLAN attachments, and differentiating between layer 2 and layer 3 type interconnects.
  • Creating Cross-Cloud Interconnect connections and configuring VLAN attachments.
  • Configuring HA VPN over Cloud Interconnect.
  • Implementing 99.9% and 99.99% service-level agreements (SLAs) for interconnect topologies.
  • 4.2 Configuring a site-to-site IPSec VPN. Considerations include:
  • Configuring HA VPN toward on-premises VPN gateways.
  • Configuring HA VPN toward other Google Cloud VPCs.

Section 5: Managing, monitoring, and troubleshooting network operations (~14% of the exam)

  • 5.1 Logging and monitoring with Google Cloud Observability. Considerations include:
  • Enabling and reviewing Cloud Logging for networking components (e.g., Cloud VPN, Cloud Router, VPC Service Controls, Cloud Next Generation Firewall [NGFW], Firewall Insights, VPC Flow Logs, Cloud DNS, Cloud NAT, and Network Connectivity Center).
  • Monitoring networking metrics (e.g., Cloud VPN, Cloud Interconnect and VLAN attachments, Cloud Router, load balancers, Google Cloud Armor, and Cloud NAT).
  • 5.2 Maintaining and troubleshooting connectivity issues. Considerations include:
  • Draining and redirecting traffic flows with Application Load Balancer.
  • Managing and troubleshooting VPNs.
  • Managing and troubleshooting Cloud Interconnect issues.
  • Troubleshooting Cloud Router BGP peering issues.