Google Exam Professional Cloud Network Engineer Topic 4 Question 86 Discussion

Actual exam question for Google's Professional Cloud Network Engineer exam

Question #: 86
Topic #: 4

[All Professional Cloud Network Engineer Questions]

You are maintaining a Shared VPC in a host project. Several departments within your company have infrastructure in different service projects attached to the Shared VPC and use Identity and Access Management (IAM) permissions to manage the cloud resources in those projects. VPC Network Peering is also set up between the Shared VPC and a common services VPC that is not in a service project. Several users are experiencing failed connectivity between certain instances in different Shared VPC service projects and between certain instances and the internet. You need to validate the network configuration to identify whether a misconfiguration is the root cause of the problem. What should you do?

AReview the VPC audit logs in Cloud Logging for the affected instances.

BUse Secure Shell (SSH) to connect to the affected Compute Engine instances, and run a series of PING tests to the other affected endpoints and the 8.8.8.8 IPv4 address.

CRun Connectivity Tests from Network Intelligence Center to check connectivity between the affected endpoints in your network and the internet.

DEnable VPC Flow Logs for all VPCs, and review the logs in Cloud Logging for the affected instances.

Show Suggested Answer

Suggested Answer: D

The correct answer is D because it meets the following requirements:

It matches the hub-and-spoke model of the on-premises network, where each spoke is a separate VPC network that is connected to a central hub VPC network.

It minimizes management overhead and cost, because VPC Network Peering is a simple and low-cost way to connect VPC networks without using any external IP addresses or VPN gateways1.

It uses default networking quotas and limits, because VPC Network Peering does not consume any quota or limit for VPN tunnels, external IP addresses, or forwarding rules2.

It prevents connectivity between the spokes, because VPC Network Peering is non-transitive by default, meaning that a spoke can only communicate with the hub, not with other spokes1.To enforce this restriction, a third-party network appliance can be used as a default gateway in each spoke VPC network, which can filter out any traffic destined for other spokes3.

Option A is incorrect because it does not minimize cost, as Cloud VPN charges for egress traffic and requires external IP addresses for the VPN gateways4.Option B is incorrect because it does not prevent connectivity between the spokes, as VPC Network Peering allows direct communication between peered VPC networks by default1. Option C is incorrect because it does not minimize cost or use default quotas and limits, for the same reasons as option A.

VPC Network Peering overview | VPC

Quotas and limits | VPC

Hub-and-spoke network architecture | Cloud Architecture Center

Cloud VPN overview | Google Cloud

by Lucy at Jun 30, 2024, 03:52 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Network Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Blair

3 days ago

Absolutely, the Connectivity Tests in the Network Intelligence Center are the way to go. They'll give you a clear understanding of where the connectivity issues are, and you can use that information to identify and fix the root cause.

upvoted 0 times

...

Ronald

4 days ago

Using SSH to run PING tests is a standard troubleshooting technique, but it's limited to the instances you can directly access. Leveraging the Network Intelligence Center's Connectivity Tests would be a more efficient way to test connectivity across the entire network.

upvoted 0 times

...

Patrick

5 days ago

Reviewing the VPC audit logs is a good starting point, but it may not provide a complete picture of the connectivity issues. I would also run Connectivity Tests to get a more comprehensive view of the network configuration.

upvoted 0 times

...

Tien

7 days ago

I also think running Connectivity Tests from Network Intelligence Center could be helpful in checking connectivity to the internet.

upvoted 0 times

...

Robt

9 days ago

I agree with Selma. That could help us identify any misconfigurations causing the connectivity issues.

upvoted 0 times

...

Selma

10 days ago

I think we should review the VPC audit logs in Cloud Logging for the affected instances.

upvoted 0 times

...

Merilyn

11 days ago

I believe running Connectivity Tests from Network Intelligence Center would also help in validating the network configuration.

upvoted 0 times

...

Corinne

15 days ago

I agree with Glory. It's important to check the logs to identify any misconfigurations.

upvoted 0 times

...

Glory

16 days ago

I think we should review the VPC audit logs in Cloud Logging for the affected instances.

upvoted 0 times

...