Pass the Google Cloud Network Engineer Exam17 Jul, 2019 4 minutes
I took the Google Cloud Certification Professional Network Engineer Exam, here's what you can expect from the exam and my thoughts on how you should prepare.
Do you know your ASN from your elbow?
The Google Professional Cloud Network Engineer exam is stated to test a candidate’s abilities in designing, planning, and prototyping GCP networks, implementing GCP Virtual Public Clouds (VPC), configuring network services, implementation of hybrid interconnectivity and general GCP network security.
When I sat the exam
In reality, it’s actually quite a bit more. I thought I’d just rock up and smash the exam because I’ve been teaching Google Cloud courses for what seems like ages, plus I have bundles of hands-on experience. So imagine my surprise when I was sat there staring at questions that required me to think about what the correct answer would be!
The challenge I found was that there just wasn’t a great deal of detail in the questions or answers, to the point where the right answer could quite simply be the option that says “X isn’t configured correctly”! Pretty vague right?! Yup, but the trick here is that they are testing your ability to identify where the issue is in this type of question, not fix it. It was this that took me a little while to get my head around. Fortunately, I had enough time to sanity check my answers and make the few amendments needed.
How should you prepare?
If you're looking to pass the Google certification exam our Professional Network Engineer course path will give you some great platform grounding. This includes the two-day Networking in Google Cloud Platform course directly aligned to the certification exam. You'll have a refresher for some of the key principles as well as a look at tech like Load Balancing, VPN and Interconnect from a much more aligned perspective. You will also get the chance to perform some of the new practical labs. My top tip is to pay attention to the videos covering the elements that don't allow you to get hands-on with the tech ( if you don't have the time or free credit to setup Interconnect in the class). They have included some great recorded demos that are invaluable.
I would recommend two more things.
- Sign up for a Qwiklabs account to allow you to perform more varied practical work outside of the class (cough, Kubernetes… cough cough)
- Create your own trial subscription and play!! The major benefit of using Qwiklabs over just a trial subscription is that you’ll be given a task and a rationale as to why you are performing the steps and what the desired outcome is.
I've passed the Architect exam, this will be easy, right?
If, after reading this you have a question forming in your head along the lines of: “Mark if I’ve got lots of experience and have passed the Architect exam, would it still be advisable to sit the Networking course before taking the exam??” Imagine my answer in the voice of Bricktop “of course, ******* of course! ”. “Why?” Because Google is going to deeply probe your knowledge on the setup, troubleshooting, monitoring and optimisation of as many network technologies as they can and they won’t be relying on old questions or perspectives from other exams. I’d even go as far to say that out of the Architect, Network and Security exams, the Network exam is the toughest of the group. Google’s certifications are recognised as being one of the most widely sought-after cloud certifications in 2019 and they aren’t giving them away easily!
What topics will be included on the exam?
Be fully prepared to be grilled on topics including:
- Generic Protocols: At the very least, know the basics of BGP, TFTP, SSL, ICMP, IKE
- Troubleshooting: You will need an understanding of how traffic flows in GCP including Network Tiering.
- Stackdriver: You’ll need a good grasp on where the logs are and what you can enable them on in the console.
- BGP: You’ll need to understand what scenarios you would use Cloud Routers and how to set up single and multiple BGP sessions
- Cloud DNS and DNSSEC: Have a handle on what it is, the GCP config and integration with other DNS services
- GKE (Kubernetes) networking: Efficiently managing IP allocations for Nodes and Pods and using Alias IPs
- Cloud VPN: This is bread and butter, you need to master all of this including resilient VPN.
- Firewalls and Routes: Know how to configure, use tags, apply with service accounts and supersede by priority
- Load Balancing: Know all the GCP types and use cases for them
- Google Private Access and Google Private Service Access: learn the use cases
- Cloud CDN: Understand why it's useful and how to configure and control cached entries
- Cloud Armor: Know how it can help protect and make your application more efficient once configured.
- Interconnect, Peering, VPN — which of them can you have multiple tunnels and how high a bandwidth can you get?
- VPC: Security Perimeter, Service Controls, Service Context
- SSH: ports to connect on. Firewall rules. Connecting to a VM via SSH or RDP and diagnosing issues