Google Cloud Professional Cloud Network Engineer (PCNE) Certification Tips and Preparation

By JA MIGNON | Nov 9, 2023 | 8 min read

At DoiT, we are obsessed with giving the best possible support to our customers. As Cloud Reliability Engineers (CREs), we dedicate over 30% of our time to studying, developing tools, and refining processes, making life easier for our customers and teams.

In this blog post, we will focus on Cloud Networking and, more specifically, on tips to become a certified cloud network engineer by passing the Professional Cloud Network Engineer Certification from Google (PCNE). We will give you all the tricks from our experience as CREs who prepared and passed the PCNE exam recently.

Let us introduce ourselves first: Jean-Alain is a Cloud Engineer with broad networking experience who has worked in the industry for several years, and Ángel is a computing specialist CRE with a telecom engineering and business background and a lot of curiosity.

Before starting, allow us some general pieces of advice. We both agree that the most effective way to prepare for the test was to do the different hands-on labs to discover the services. These practical exercises allow you to assess the theoretical knowledge gained from training sources such as video series, courses, etc. (more on these below). Additionally, creating study notes to synthesize key concepts can serve as a cheat sheet, helping you better absorb the main exam topics.

The Google Cloud Professional Cloud Network Engineer exam (as stated in the official outline) evaluates your skills in:

  • Designing, planning, and prototyping a Google Cloud network
  • Implementing Virtual Private Cloud (VPC) instances
  • Configuring network services
  • Implementing hybrid interconnectivity
  • Managing, monitoring, and optimizing network operations

The most critical task is creating your own strategy and learning path: evaluate yourself to understand your weak and strong areas in networking practice skills.

After your self-evaluation, focus on tailoring your preparation journey. Proper preparation is key to success, especially as networking concepts can sometimes be hard to grasp. Knowing and understanding all the available parameters for configuring a BGP session with all the routing possibilities, or configuring VLANs and other Layer 2 or Layer 3 networking technologies, can be overwhelming. The same applies to Cloud Networking. Understanding each service is challenging, especially with managed services hiding underlying behaviors.

Therefore, go deeper into the GCP documentation and hands-on labs to familiarize yourself with these services and gain confidence for the exam. You need to understand their design and how to configure them in the cloud. Specifically, we recommend you read the Get Started Overview documentation with its corresponding best practices and troubleshooting pages in the Google documentation.

Here is our process to prepare for the GCP PCNE certification.

#1 Get familiar with the PCNE certification guide

We knew that passing the exam would not be easy, so we began to prepare ourselves by studying the exam guide and reviewing the relevant Google Cloud documentation.

Identify the topics you are familiar with and those you feel less comfortable with, and mark the latter for future work. GKE networking deserves a deep analysis to understand its integration into GCP. After this exercise, you will know which areas and topics you need to prepare.

#2 Sign up for the Google Cloud Skills Boost Portal

We found the following Google Cloud Skills Boost course especially useful to complement the self-awareness step: Preparing for Your Professional Cloud Network Engineer Journey. It brings together a set of videos covering the exam outline concepts (very high-level) with some quizzes and labs (more on these below) to evaluate and practice your knowledge of the different exam areas.

Also, you can find a set of courses with deeper explanations and labs:

#3 Sign up for an online video course from the e-learning players

We leveraged our enterprise account with A Cloud Guru as part of our Doers training package.

  • Kubernetes, Clusters & VPC Interactions
  • DNS and CDN Services
  • Load Balancing
  • Monitoring Network Operations

#4 Get a sandbox environment to practice

We benefit from our internal GCP sandbox to set up test environments and practice implementing different network architectures. Thanks to DoiT for allocating this sandbox and the time to study for the course.

The sandbox alternative is a free $300 trial from Google Cloud or an A Cloud Guru subscription.

#5 Understand these GCP cloud networking concepts

  • VPC: default, custom, and shared VPC implementations with service projects
  • Firewall rules and policies: configuration with service accounts, targets, priority, and logs
  • Routes: System-generated routes (default and subnet routes), Custom routes (static and dynamic routes). Routes advertisement from VPC Peering and Cloud Routers to On-Prem. VPC peering: import/export custom routes
  • Packet mirroring: How to set up a mirroring policy, mirrored source(s), and destination
  • IAM Roles: Understanding roles needed to manage and create shared VPCs. Roles in Monitoring and Logging. Roles for IAP
  • DNS Services: How to create private and public zones in GCP, activating DNSSEC on public zones, the different DNS zone types, and when to use them (private and public zones, forwarding zones, peering zones). Make sure you know when to use the DNS forwarding zone rather than DNS Server policies (Cloud DNS Best Practices)
  • Hybrid Connectivity: HA designs, HA VPNs, HA for Interconnects to reach 99.9% or 99.99% SLAs. Cloud Interconnects: VLAN attachments creation, BGP Sessions IP address configuration. BGP: public and private ASNs, peer ASN, route priority, MED
  • IP addressing: RFC1918 private IP space ranges, Cloud Router Link-Local BGP peering IP addresses. CIDR IP address notation, IP aliases, Primary and Secondary CIDR ranges, and Subnetting. Bring Your Own IP (BYOIP)
  • Private Access options to access Google APIs and services: Private Google Access, Private Service Connect, Private Service Access, Serverless VPC Access (knowing which option to use for which service according to the context)
  • Virtual appliances: centralized network appliances (NGFW, IDS). Internal TCP/UDP Load Balancers as next hop, architecture with multi-NIC virtual appliances
  • Load Balancers: knowing when to use a global vs. regional load balancer, HTTP(S) or Network Load Balancer. Cloud CDN: global content delivery network, edge locations, and caching features and modes. Cloud Armor: security policies to protect workloads using an HTTP(S) Load Balancer.
  • GKE Networking: Public vs. private clusters. VPC-native vs. route-based clusters. GKE clusters in Shared VPCs. GKE Network policy
  • Logging and Monitoring: Network service tiers. VPC flow logs, firewall rules logging, packet mirroring, LB logging, VPN Monitoring
  • VPC Service Controls: perimeters, access context, and perimeters bridging
  • Network Intelligence Center: Firewall insights, network topology, performance dashboard, connectivity tests
  • Organization policies: what they are and what they are for; know some of them, such as those related to Shared VPC or VPC peering
  • Cloud NAT: Understand the difference between inbound and outbound NAT. Allocation methods. Port assignments

These are helpful links (non-exhaustive) that will help you with it:

#6 Practice Hands-on Labs

Practice extensively, focusing on key areas like Load Balancers, Cloud NAT, Cloud Router, and Cloud VPNs. Within the Cloud Skills Boost portal, you can find several options:

From the fundamentals core infrastructure course:

  • Getting Started with VPC Networking and Google Compute Engine
  • Google Cloud Fundamentals: Getting Started with GKE

From the Networking in Google Cloud: Defining and Implementing Networks course:

  • Working with Multiple VPC networks
  • Controlling Access to VPC networks
  • Configure VPC Network Peering
  • Set Up Network and HTTP Load Balancers (GSP 007 GCP Self-Paced Labs)
  • Configure Traffic Management with a Load Balancer
  • Caching Content with Cloud CDN

From the Networking in Google Cloud: Hybrid Connectivity and Network Management course:

  • Configure Google Cloud HA VPN
  • Implement Private Google Access and Cloud NAT
  • Optimizing Network Spend with Network Tiers
  • Resource Monitoring: Analyzing Network Traffic with VPC Flow Logs

#7 Compare your study notes with other study notes

Here we leave a couple of them for your reference:

#8 Review potential questions for the Exam

If you look around, you can find some practice questions that can help you assess your level of preparation. Here are some we found particularly useful:

Read each question carefully. While multiple answers may seem correct, identify the one that meets the question's requirements.

#9 Register for the Exam

When you feel ready for the test, register on Webassessor.

“Bonne chance!”, “¡Buena suerte!”, “Good Luck!”

We hope you found this blog post insightful. If you have any questions or want to share your experiences, connect with us on LinkedIn.

Jean-Alain and Ángel
