Google Exam Professional Cloud Network Engineer Topic 4 Question 84 Discussion

Actual exam question for Google's Professional Cloud Network Engineer exam

Question #: 84
Topic #: 4

[All Professional Cloud Network Engineer Questions]

You are configuring your Google Cloud environment to connect to your on-premises network. Your configuration must be able to reach Cloud Storage APIs and your Google Kubernetes Engine nodes across your private Cloud Interconnect network. You have already configured a Cloud Router with your Interconnect VLAN attachments. You now need to set up the appropriate router advertisement configuration on the Cloud Router. What should you do?

AConfigure the route advertisement to the default setting.

BOn the on-premises router, configure a static route for the storage API virtual IP address which points to the Cloud Router's link-local IP address.

CConfigure the route advertisement to the custom setting, and manually add prefix 199.36.153.8/30 to the list of advertisements. Leave all other options as their default settings.

DConfigure the route advertisement to the custom setting, and manually add prefix 199.36.153.8/30 to the list of advertisements. Advertise all visible subnets to the Cloud Router.

Show Suggested Answer

Suggested Answer: D

This answer follows the Google-recommended practices for using privately used public IP (PUPI) addresses for GKE Pod address blocks1. The benefits of this approach are:

It allows you to use any public IP addresses that are not owned by Google or your organization for your Pods, which can help mitigate address exhaustion in your enterprise.

It prevents any external traffic from reaching your Pods, as Google Cloud does not route PUPI addresses to the internet or to other VPC networks by default.

It enables you to use VPC Network Peering to connect your GKE cluster to other VPC networks that use different PUPI addresses, as long as you enable the export and import of custom routes for the peering connection.

It preserves the fully integrated network model of GKE, where Pods can communicate with nodes and other resources in the same VPC network without NAT.

The options that you need to select when creating a private GKE cluster with PUPI addresses are:

--disable-default-snat: This option disables source NAT for outbound traffic from Pods to destinations outside the cluster's VPC network.This is necessary to prevent Pods from using RFC 1918 addresses as their source IP addresses, which could cause conflicts with other networks that use the same address space2.

--enable-ip-alias: This option enables alias IP ranges for Pods and Services, which allows you to use separate subnet ranges for them.This is required to use PUPI addresses for Pods1.

--enable-private-nodes: This option creates a private cluster, where nodes do not have external IP addresses and can only communicate with the control plane through a private endpoint.This enhances the security and privacy of your cluster3.

Option A is incorrect because it does not use PUPI addresses for Pods, but rather RFC 1918 addresses. This does not solve the problem of address exhaustion in your enterprise. Option B is incorrect because it reuses the secondary address range for Services across multiple private GKE clusters, which could cause IP conflicts and routing issues. Option C is incorrect because it does not specify the options that are needed to create a private GKE cluster with PUPI addresses.

by Rickie at Jun 01, 2024, 09:32 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Network Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Erasmo

27 days ago

I wonder if the 'Cloud Interconnect' is anything like a 'Cloud Hammock'. Either way, I'm taking a nap.

upvoted 0 times

Carissa

6 days ago

A) Configure the route advertisement to the default setting.

upvoted 0 times

...

I think we should go with option C.

upvoted 0 times

...