Blog

Google Cloud Professional Cloud Network Engineer (PCNE) Certification Tips and Preparation

Hi, in this post, I will explain how I passed my Google Cloud Network Professional Engineer test. I’m a Cloud Engineer with networking experience, and I have been working in the industry for several years. I was highly skilled in traditional networking technologies but was interested in expanding my knowledge and skills to cloud networking.

The most preparation technique that was the most important for me was to do some hands-on labs to assess my theoretical knowledge gain from the training video series. Also doing some synthetic cheat sheet was important for me.

The Google Cloud Network Professional Engineer exam evaluate your skills for:

Designing, planning, and prototyping a Google Cloud network
Implementing Virtual Private Cloud (VPC) instances
Configuring network services
Implementing hybrid interconnectivity
Managing, monitoring, and optimizing network operations

The most important is to define a learning path according to your weak and strong areas in the networking practice skills: https://storage.googleapis.com/cloud-training/T-GCPPCN-A/1.0/student/PCNE_Workbook.pdf.

This is important and then you will be focusing on preparing according to this, the preparation is your key to success. I will give you here the tips I have used to prepare with success for the exam in this blog post!

As everybody knows networking concepts are sometimes hard to gain, and figure out as BGP with so many parameters and routing possibilities the protocol can offer, also VLANs and other Layer 2 or Layer 3 networking technologies can sometimes be cumbersome. But when it comes to Cloud Networking the effort to catch every service is even harder because they are often offered as managed services by Cloud providers and the underlying behavior is hidden.

You have to go deeper in GCP documentation and Hands-On Labs to familiarize yourself with these services and get confident for the exam to make sure you understand well for what purpose they have been designed and how to configure them in the Cloud. Let me explain how my learning path was to prepare for the GCP PCNE certification.

#1 Study the cloud network engineer certification guide

I knew that passing the exam would not be easy, so I began to prepare myself by studying the exam guide and reviewing the relevant Google Cloud documentation:

https://cloud.google.com/certification/guides/cloud-network-engineer/

Take time to identify the topics you may be already familiar with, and others where you feel less comfortable and don’t know at all, and mark them for future work on it. Some topics like GKE networking deserve a deep analysis to understand well how they are implemented in GCP. After this, you will know which area and topics you have to prepare yourself.

#2 Signup for Google and Cloud Guru training and Get a Sandbox

Google Cloud Skills Boost: Network Engineer Learning Path:

Preparing for Your Professional Cloud Network Engineer Journey (assessment)

https://partner.cloudskillsboost.google/course_templates/383

Google Cloud Fundamentals: Core Infrastructure

https://partner.cloudskillsboost.google/course_templates/60

Networking in Google Cloud: Defining and Implementing Networks

https://partner.cloudskillsboost.google/course_templates/35

Networking in Google Cloud: Hybrid Connectivity and Network Management

https://partner.cloudskillsboost.google/course_templates/36

A Cloud Guru: Google Certified Professional Cloud Network Engineer (Karlos Knox, Special Thanks to him (KBA)!), do all the training with a special focus on:

Kubernetes, Clusters & VPC Interactions
DNS and CDN Services
Load Balancing
Monitoring Network Operations

I have taken advantage of my GCP’s sandbox to set up test environments and practice implementing different network architectures. Special thanks to my employer for allocating me this sandbox and the necessary time to study for my exam (Thanks DoiT!). The alternative if you don’t have a sandbox is to get a free 300$ trial from Google Cloud or Cloud Guru subscription.

#3 Understand well these cloud networking concepts

VPC: default, custom, and shared VPC implementations with service projects.
Firewall rules: configuration with service accounts, targets, priority, and logs.
Routes: System-generated routes (default and subnet routes), Custom routes (static and dynamic routes). How these routes are advertised from: VPC Peering and Cloud Routers to On-Prem. VPC peering: import/export custom routes.
Packet mirroring: set up a mirroring policy, mirrored source(s), and destination.
IAM Roles: understanding roles needed to manage and create shared VPCs.
DNS Services: make sure to understand well how to create private and public zones in GCP, activating DNSSEC on public zones, the different DNS zone types, and when to use them (private, public zones, forwarding zones, peering zones). Make sure you know when to use the DNS forwarding zone rather than DNS Server policies (Cloud DNS Best Practices).
Hybrid Connectivity: HA designs, HA VPNs, HA for Interconnects to reach 999 or 9999 SLAs. Cloud Interconnects: VLAN attachments creation, BGP Sessions IP address configuration. BGP: public and private ASNs, peer ASN, route priority, MED.
IP addressing: RFC1918 private IP space ranges, Cloud Router Link-Local BGP peering IP addresses. CIDR IP address notation, IP aliases, Primary and Secondary CIDR ranges, and Subnetting.
Private Access options to access Google APIs and services: Private Google Access, Private Service Connect, Private Service Access, Serverless VPC Access (knowing which option to use for which service according to the context).
Virtual appliances: using multiple network interfaces, and centralized network appliances (NGFGW, IDS). Internal TCP/UDP Load Balancers as next hop, architecture with multi-NICs virtual appliances.
Load Balancers: knowing when to use global vs regional load balancer as well as HTTP or Network load Balancer. Cloud CDN: global content delivery network, edge location, and caching features. Cloud Armor: security policies to protect workload using HTTP/s Load Balancer.
Packet mirroring: set up a mirroring policy, mirrored source(s), and destination.

Helpful links:

Cloud OnAir GCP networking 101 — VPC Shared VPC Interconnect https://www.youtube.com/watch?v=0hN-dyOV10c
Cloud OnAir: Google Cloud Networking 102 — Cloud Routing and VPC Peering: https://www.youtube.com/watch?v=jQc9P7xA_wU
Cloud OnAir: Google Cloud Networking 103 — Securing your Network: https://www.youtube.com/watch?v=W-YAQCP2Bdg
Cloud OnAir: Google Cloud Networking 104 — Everything You Need to Know About Load Balancers on GCP
Cloud OnAir: Networking 105 — How to use GCP DNS: https://www.youtube.com/watch?v=OH_Jw8NhEGU
Cloud On air GCP networking L200 — Google Cloud Networking Fundamentals https://www.youtube.com/watch?v=vDrG15sv5ss