
Google Professional Cloud Network Engineer Exam - Topic 4 Question 84 Discussion

Actual exam question for Google's Professional Cloud Network Engineer exam
Question #: 84
Topic #: 4

You are configuring your Google Cloud environment to connect to your on-premises network. Your configuration must be able to reach Cloud Storage APIs and your Google Kubernetes Engine nodes across your private Cloud Interconnect network. You have already configured a Cloud Router with your Interconnect VLAN attachments. You now need to set up the appropriate router advertisement configuration on the Cloud Router. What should you do?

Suggested Answer: D

This answer follows the Google-recommended practices for using privately used public IP (PUPI) addresses for GKE Pod address blocks [1]. The benefits of this approach are:

It allows you to use any public IP addresses that are not owned by Google or your organization for your Pods, which can help mitigate address exhaustion in your enterprise.

It prevents any external traffic from reaching your Pods, as Google Cloud does not route PUPI addresses to the internet or to other VPC networks by default.

It enables you to use VPC Network Peering to connect your GKE cluster to other VPC networks that use different PUPI addresses, as long as you enable the export and import of custom routes for the peering connection.

It preserves the fully integrated network model of GKE, where Pods can communicate with nodes and other resources in the same VPC network without NAT.

The options that you need to select when creating a private GKE cluster with PUPI addresses are:

--disable-default-snat: This option disables source NAT for outbound traffic from Pods to destinations outside the cluster's VPC network. This is necessary to prevent Pods from using RFC 1918 addresses as their source IP addresses, which could cause conflicts with other networks that use the same address space [2].

--enable-ip-alias: This option enables alias IP ranges for Pods and Services, which allows you to use separate subnet ranges for them. This is required to use PUPI addresses for Pods [1].

--enable-private-nodes: This option creates a private cluster, where nodes do not have external IP addresses and can only communicate with the control plane through a private endpoint. This enhances the security and privacy of your cluster [3].

Option A is incorrect because it does not use PUPI addresses for Pods, but rather RFC 1918 addresses. This does not solve the problem of address exhaustion in your enterprise. Option B is incorrect because it reuses the secondary address range for Services across multiple private GKE clusters, which could cause IP conflicts and routing issues. Option C is incorrect because it does not specify the options that are needed to create a private GKE cluster with PUPI addresses.

[1] Configuring privately used public IPs for GKE | Kubernetes Engine | Google Cloud
[2] Using Cloud NAT with GKE | Kubernetes Engine | Google Cloud
[3] Private clusters | Kubernetes Engine | Google Cloud
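
Added example, not from the original page or from Google's tooling: a Python model of which prefixes a Cloud Router announces under each route advertisement setting weighed in this discussion, checked against the two destinations named in the question. The subnet ranges and function names are constructed for illustration; 199.36.153.8/30 is the prefix quoted in the comments.

```python
import ipaddress

# Constructed sample data: VPC subnets visible to the Cloud Router (assumed values).
VPC_SUBNETS = ["10.10.0.0/20", "10.20.0.0/20"]  # 10.10.0.0/20 holds the GKE nodes
# What on-premises hosts must be able to reach, per the question.
REQUIRED = {
    "Cloud Storage API VIP range": "199.36.153.8/30",  # prefix quoted in the discussion
    "GKE node subnet": "10.10.0.0/20",                 # constructed
}


def advertised_prefixes(mode, groups=(), custom_ranges=(), subnets=VPC_SUBNETS):
    """Prefixes a Cloud Router announces over BGP for a given advertisement config.

    DEFAULT: the subnet routes visible to the router, nothing else.
    CUSTOM:  only what is listed; subnets are included solely through the
             ALL_SUBNETS group, plus any custom IP ranges.
    """
    if mode == "DEFAULT":
        chosen = list(subnets)
    elif mode == "CUSTOM":
        chosen = list(subnets) if "ALL_SUBNETS" in groups else []
        chosen += list(custom_ranges)
    else:
        raise ValueError(f"unknown advertisement mode: {mode!r}")
    return [ipaddress.ip_network(p) for p in chosen]


def missing_destinations(advertised, required=REQUIRED):
    """Names of required destinations not covered by any advertised prefix."""
    missing = []
    for name, prefix in required.items():
        net = ipaddress.ip_network(prefix)
        if not any(net.subnet_of(adv) for adv in advertised):
            missing.append(name)
    return missing


def audit():
    """Evaluate three advertisement configurations against REQUIRED."""
    vip = ["199.36.153.8/30"]
    configs = {
        "default": advertised_prefixes("DEFAULT"),
        "custom, range only": advertised_prefixes("CUSTOM", custom_ranges=vip),
        "custom, all subnets + range": advertised_prefixes(
            "CUSTOM", groups=["ALL_SUBNETS"], custom_ranges=vip),
    }
    return {name: missing_destinations(adv) for name, adv in configs.items()}
```

Calling `audit()` returns, for each configuration, the required destinations that on-premises routers would not learn a route for.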


Aaron
3 months ago
I’m not sure about D, advertising all subnets could be risky.
upvoted 0 times
...
Murray
3 months ago
B sounds like a solid choice too, but I’m leaning towards C.
upvoted 0 times
...
Aimee
3 months ago
Wait, why would you need to manually add that prefix? Seems odd.
upvoted 0 times
...
Tabetha
4 months ago
Definitely agree with C, it makes the most sense.
upvoted 0 times
...
Kizzy
4 months ago
I think option C is the way to go. Custom settings are key!
upvoted 0 times
...
Shawnee
4 months ago
I feel like option D makes sense since it mentions advertising all visible subnets, but I’m not entirely confident about the prefix details.
upvoted 0 times
...
Maryrose
4 months ago
I think we talked about custom settings for route advertisements, but I’m a bit confused about whether to leave other options at default or not.
upvoted 0 times
...
Cathrine
4 months ago
This question feels similar to one we practiced about configuring static routes. I think option B might be the right choice, but I can't recall the specifics.
upvoted 0 times
...
Princess
5 months ago
I remember we discussed route advertisement settings in class, but I'm not sure if the default setting is enough for our use case.
upvoted 0 times
...
Alishia
5 months ago
This question seems straightforward, but I want to make sure I understand it fully. The goal is to connect the on-premises network to the Google Cloud environment, including access to Cloud Storage and GKE. I think option C is the way to go, as it specifically mentions adding the prefix for the Cloud Storage APIs.
upvoted 0 times
...
Matt
5 months ago
Okay, let's think this through step-by-step. We need to make sure the Cloud Router can reach the Cloud Storage APIs and the GKE nodes across the private Cloud Interconnect network. The route advertisement settings on the Cloud Router seem to be the key here. I'm leaning towards option D, which looks like it covers all the necessary subnets.
upvoted 0 times
...
Jill
5 months ago
Hmm, I'm a bit unsure about this one. Do I need to configure anything on the on-premises router, or is it just the Cloud Router that needs the route advertisement settings? I'll have to review the details carefully.
upvoted 0 times
...
Leonida
5 months ago
I think I've got a good handle on this question. The key is to configure the Cloud Router's route advertisement to include the specific prefix for the Cloud Storage APIs, which is 199.36.153.8/30. Option C looks like the right approach.
upvoted 0 times
...
In
5 months ago
The Development Team having all the skills needed to create a releasable Increment - that's definitely a sign of self-organization. I'm a bit unsure about the other two options, though.
upvoted 0 times
...
Paul
5 months ago
Okay, I've got a strategy here. The key is to find a way to give the operations team control and visibility over the Docker images, while still allowing the development teams to build and push their images. I think option B might be the way to go.
upvoted 0 times
...
Holley
5 months ago
I'm not sure about this one. The question seems a bit vague, and I'm not confident I fully understand the implications of the building layout on antenna placement. I'll have to think it through carefully.
upvoted 0 times
...
Erasmo
10 months ago
I wonder if the 'Cloud Interconnect' is anything like a 'Cloud Hammock'. Either way, I'm taking a nap.
upvoted 0 times
Angelyn
8 months ago
C) Configure the route advertisement to the custom setting, and manually add prefix 199.36.153.8/30 to the list of advertisements. Leave all other options as their default settings.
upvoted 0 times
...
Fidelia
8 months ago
B) On the on-premises router, configure a static route for the storage API virtual IP address which points to the Cloud Router's link-local IP address.
upvoted 0 times
...
Carissa
9 months ago
A) Configure the route advertisement to the default setting.
upvoted 0 times
...
...
Lucia
10 months ago
Oh, I know this one! It's C, definitely C. Who would choose the 'default setting' when there's a custom option available?
upvoted 0 times
Gilma
9 months ago
Let's go with option C then. It gives us more control over the advertisements.
upvoted 0 times
...
Louvenia
9 months ago
I agree, setting a custom route advertisement seems like the best option for our specific needs.
upvoted 0 times
...
Tracey
10 months ago
I think C is the correct choice too. It allows for more customization.
upvoted 0 times
...
...
Jeannetta
10 months ago
Option B is tempting, but I'm not sure if manually configuring a static route on the on-premises router is the best approach. I think the Cloud Router should handle the advertisements.
upvoted 0 times
...
Coral
10 months ago
I'm leaning towards option D. Advertising all visible subnets to the Cloud Router seems more comprehensive, even if it's a bit more work.
upvoted 0 times
Myrtie
9 months ago
I agree, option D sounds like the best choice. It's worth the extra work to ensure everything is properly connected.
upvoted 0 times
...
Dean
10 months ago
I think option D is the way to go. It's better to advertise all visible subnets for a more comprehensive setup.
upvoted 0 times
...
...
Maile
10 months ago
I'm not sure, but option D also sounds reasonable. Advertising all visible subnets to the Cloud Router could provide more flexibility.
upvoted 0 times
...
Wilda
10 months ago
Hmm, option C looks good to me. Manually adding the prefix for the storage API virtual IP address seems like the way to go.
upvoted 0 times
...
Krissy
10 months ago
I agree with Clement. Configuring the route advertisement to the custom setting and manually adding the specific prefix seems like the best approach.
upvoted 0 times
...
Clement
11 months ago
I think we should go with option C.
upvoted 0 times
...
