Notes from my beta Google Cloud Professional Network Engineer Certification Exam
Update on March 14th, 2019: In a pleasant surprise, I actually passed this exam. I’m now a …
The original notes continue below.
I messed up with this exam. And hopefully you won’t if you learn from my experience. Read on.
I recently passed the beta Professional Cloud Developer exam with hardly any preparation because there really wasn’t any solid material to prepare with. With the beta Professional Network Engineer exam though, there was a full networking specialization on Coursera. I took that course and revised it a few times prior to the exam. That was way more than what I’d done for the Developer exam. So I was very confident. I expected it to be a breeze. It wasn’t. Results should be out in a couple of months and I would be pleasantly surprised if I didn’t flunk.
The main thing I did wrong — I studied wrong
I’ve hardly been in a situation over the four GCP certifications that I passed where I haven’t been able to eliminate at least two options. This one was different. But now having reviewed the questions and the subjects post the exam, I realize it was entirely my fault.
I assumed the questions would be primarily based on the Coursera course. Though that course was important to set the base, I really needed to study all the subjects on the exam guide. The only part of this that I prepared for was what was in the Coursera course. That’s less than 50%. Facepalm!
Suggested Approach to Preparation
When you study for the Network Engineer exam, do the Coursera course first. Then search on the GCP docs for each of the topics mentioned in the exam guide. Do the quick labs and probably more than just that. There’s a bunch of stuff you can’t really try out, I suppose, like Peering and Interconnect. But you need to at least know the theoretical aspects well. Some of the other use cases in the exam are not straightforward — multiple orgs, on-prem situations, etc. You can still simulate them with multiple VPCs with an external IP.
Below are my sanitized notes from the exam. I’m not giving you questions but general topics similar to what the guide/outline gives. Matthew Ulasien from Linux Academy says that the Architect exam is a mile wide and an inch deep. Comparatively, the Network Engineer exam is about 10 metres wide and 10 metres deep. There isn’t a wide breadth of GCP products to cover in networking alone. Instead, a lot of the feature details are tested. As usual, application of the features is tested in use cases.
Since this was a beta exam, I got 95 questions to finish in 4 hours. There were multiple network issues in my exam centre and it took me a total of ~5 hours. So definitely carry some snacks and drinks if you’re going for the beta exam. Your break time is on you and the exam clock doesn’t stop.
• Protocols: study a little about protocols and networking features beyond GCP. At least know basics of some — OSPF, BGP, RIP, TFTP, SSL, SMTP, ICMP, SNMP, IMAP, etc.
• Troubleshooting: troubleshooting networking issues — learn usual network troubleshooting like packet loss, non-reachability, traffic routing, etc.
• Troubleshooting: How do we debug the above issue? Know some common command-line utilities like traceroute, nslookup, netstat, etc.
• Troubleshooting: Where can we find logs to troubleshoot? Stackdriver Logs, Monitoring, Flow logs, syslog on the machine, etc.?
• BGP: How is this set up under different conditions like single cloud router, multiple cloud routers, various types of interconnect, subnet accessibility, etc.?
• Cloud DNS: how do you configure one? how do you migrate one?
• Cloud DNS: DNSSEC setup and troubleshooting when DNS updates don’t propagate.
• GKE networking: I was woefully underprepared for this section.
• IP Aliases: partly related to GKE was IP Aliases.
• CIDR: know how IP ranges are defined using CIDR. Also that the first 2 and last 2 addresses in any subnet are reserved by GCP. So if you want to assign a certain number of nodes, pods, and services, what CIDR values do you need to set?
• Cloud Router: understand everything in this — https://cloud.google.com/router/docs/concepts/overview
• Cloud Router: advertising routes.
• Cloud VPN: understand everything in this — https://cloud.google.com/vpn/docs/concepts/overview
• Cloud VPN: Policy based VPN vs route based VPN.
• Cloud VPN: creating multiple tunnels.
• Firewalls and Routes: know that the lower number has higher priority than higher numbers.
• Firewall: logging and how it helps to identify issues.
• Load Balancer: between the various load balancers, which are global and which are regional?
• Load Balancer: which load balancers support IPv4 and which IPv6?
• Load Balancer: how do you set up certificates?
• Load Balancer: how do you set up Managed Instance Groups and Unmanaged Instance Groups?
• Load Balancer: what are target pools? How are they used and set up?
• Google Private Access and Google Private Service Access: learn the various use cases.
• Cloud CDN: cache-invalidation. How to do it? What are the different ways to do it?
• Cloud CDN: compression options.
• Cloud CDN: how do you connect Load Balancer to CDN?
• Cloud CDN: how do you connect Cloud Storage to CDN?
• Network Connectivity: How to connect various networks when they are in the same/different org, same or different company, same or different project but need isolation, etc.
• How to set up interconnect in a way that is reliable, with minimum latency, etc.?
• Cloud NAT: What is this and why would you do this?
• Cloud Armor: same, what and why?
• Interconnect, Peering, VPN — know the max speeds for each.
• Interconnect, Peering, VPN — know the connection type for each. Public IP or RFC1918?
• Interconnect, Peering, VPN — which of them can you have multiple copies of and how high a bandwidth can you get?
• Interconnect, Peering, VPN — how do you diagnose low bandwidth usage, network issues, etc.
• VPC: Security Perimeter, Service Controls, Service Context.
• SSH: ports to connect on. Firewall rules. Connecting to a VM via SSH or RDP and diagnosing issues.
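For the CIDR item in the list above, here is a sizing calculation as an added example (not part of the original notes). It applies the four reserved addresses to the node (primary) range only. Two things here are assumptions not stated in the notes: that secondary ranges for pods and services carry no reserved addresses, and that GKE gives each node a power-of-two pod block of at least twice its max pods. All function names are hypothetical.

```python
import ipaddress

GCP_RESERVED = 4  # first two and last two addresses of a subnet's primary range


def prefix_for(addresses: int) -> int:
    """Smallest IPv4 prefix length whose block holds `addresses` addresses."""
    if addresses < 1:
        raise ValueError("need at least one address")
    return 32 - (addresses - 1).bit_length()


def primary_prefix(hosts: int) -> int:
    """Prefix for a primary range that must fit `hosts` VMs plus the reserved four."""
    return prefix_for(hosts + GCP_RESERVED)


def usable_hosts(cidr: str) -> int:
    """Assignable addresses in a primary range after the reserved four."""
    net = ipaddress.ip_network(cidr, strict=True)
    return max(net.num_addresses - GCP_RESERVED, 0)


def reserved_addresses(cidr: str) -> list:
    """The first two and last two addresses of the range."""
    net = ipaddress.ip_network(cidr, strict=True)
    return [str(net[0]), str(net[1]), str(net[-2]), str(net[-1])]


def gke_plan(nodes: int, max_pods_per_node: int, services: int) -> dict:
    """Prefix lengths for node, pod and service ranges of a VPC-native cluster."""
    # Assumption: per-node pod block is a power of two >= 2 * max pods per node.
    per_node = prefix_for(2 * max_pods_per_node)
    return {
        "nodes": primary_prefix(nodes),
        "per_node_pod_block": per_node,
        # Assumption: secondary ranges have no reserved addresses.
        "pods": prefix_for(nodes * 2 ** (32 - per_node)),
        "services": prefix_for(services),
    }


if __name__ == "__main__":
    # Constructed sample values, chosen for illustration only.
    print(reserved_addresses("10.0.0.0/24"), usable_hosts("10.0.0.0/24"))
    print(gke_plan(nodes=100, max_pods_per_node=110, services=500))
```

Note the boundary case: 252 hosts fit in a /24, but 253 need a /23 because of the four reserved addresses.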
I feel like I’ve taken one for the team by attempting this exam early. :-) I partially feel like crap for being an idiot and not studying properly, but I also feel good knowing that you all will be much better off than me now that you have my experience. #getcertified.
See Hil Liao’s additions in the comments below.
Notes from each of my exams
For those appearing for the various certification exams, here is a list of sanitized notes (no direct question, only general topics) about the exam.
Github Repo: awesome-gcp-certifications
A collection of posts, videos, courses, qwiklabs, and other exam details for all exams: https://github.com/sathishvj/awesome-gcp-certifications
Free Qwiklabs Codes to Practice
I’ve collected here a bunch of free Qwiklabs codes which are awesome to get lots of hands-on practice. Use them well.
Wish you the very best with your GCP certifications. You can reach me at LinkedIn and Twitter. If you can support my work creating videos on my YouTube channel AwesomeGCP, you can do so on Patreon or BuyMeACoffee.