ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 232 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 232
Topic #: 1
[All Professional Cloud Network Engineer Questions]

You are troubleshooting an application in your organization's Google Cloud network that is not functioning as expected. You suspect that packets are getting lost somewhere. The application sends packets intermittently at a low volume from a Compute Engine VM to a destination on your on-premises network through a pair of Cloud Interconnect VLAN attachments. You validated that the Cloud Next Generation Firewall (Cloud NGFW) rules do not have any deny statements blocking egress traffic, and you do not have any explicit allow rules. Following Google-recommended practices, you need to analyze the flow to see if packets are being sent correctly out of the VM to isolate the issue. What should you do?

  • A. Create a packet mirroring policy that is configured with your VM as the source and destined to a collector. Analyze the packet captures.
  • B. Enable VPC Flow Logs on the subnet that the VM is deployed in with SAMPLE_RATE = 1.0, and run a query in Logs Explorer to analyze the packet flow.
  • C. Verify the network/attachment/egress_dropped_packets_count Cloud Interconnect VLAN attachment metric.
  • D. Enable Firewall Rules Logging on your firewall rules and review the logs.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by 1f01b87 at March 16, 2025, 8:15 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
glb2
1 month, 3 weeks ago
Selected Answer: B
B is correct.
upvoted 1 times
...
n2183712847
3 months, 2 weeks ago
Selected Answer: A
Option A better choice, captures and inspects packets directly from source.
upvoted 1 times
...
mohitms1996
4 months, 2 weeks ago
Selected Answer: B
(A) Create a packet mirroring policy and analyze captures. ✅ Packet Mirroring is useful for deep packet inspection. ❌ Not ideal for low-volume, intermittent traffic—it captures all packets but requires additional setup and a collector. ❌ High overhead—not Google's first recommended step for troubleshooting basic connectivity. 🔴 Not the best first step. (B) Enable VPC Flow Logs with SAMPLE_RATE = 1.0 and analyze in Logs Explorer. ✅ VPC Flow Logs provide packet-level visibility, showing if packets leave the VM. ✅ Setting SAMPLE_RATE = 1.0 ensures all packets are logged (which is important for low-volume traffic). ✅ Recommended Google Cloud practice for network troubleshooting. ✅ Can quickly confirm if packets are sent to the VLAN attachment. 🟢 Best option!
upvoted 1 times
...
Gwendal
4 months, 2 weeks ago
Selected Answer: A
With VPC Flow Logs, logs are sampled. Some packets in very low volume flows might be missed even with SAMPLE_RATE = 1.0 per my understanding. Here the volume is low, so I would go for packet mirroring because it captures all packets. https://cloud.google.com/vpc/docs/access-flow-logs#some_flows_are_missing https://cloud.google.com/vpc/docs/flow-logs#log-sampling
upvoted 1 times
...
1f01b87
5 months ago
Selected Answer: A
Correct answer is either A or B. I'm leaning towards A.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel