Google Professional Cloud Network Engineer Exam - Topic 7 Question 100 Discussion

Actual exam question for Google's Professional Cloud Network Engineer exam

Question #: 100
Topic #: 7

[All Professional Cloud Network Engineer Questions]

Your organization recently created a sandbox environment for a new cloud deployment. To have parity with the production environment, a pair of Compute Engine instances with multiple network interfaces (NICs) were deployed. These Compute Engine instances have a NIC in the Untrusted VPC (10.0.0.0/23) and a NIC in the Trusted VPC (10.128.0.0/9). A HA VPN tunnel has been established to the on-premises environment from the Untrusted VPC. Through this pair of VPN tunnels, the on-premises environment receives the route advertisements for the Untrusted and Trusted VPCs. In return, the on-premises environment advertises a number of CIDR ranges to the Untrusted VPC. However, when you tried to access one of the test services from the on-premises environment to the Trusted VPC, you received no response. You need to configure a highly available solution to enable the on-premises users to connect to the services in the Trusted VPC. What should you do?

AAdd both multi-NIC VMs to a new unmanaged instance group, named nva-uig.
Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uig unmanaged instance group designated as the backend.
Create a custom static route in the Untrusted VPC for destination 10.123.0.0/9 and the next hop ilb-untrusted.
Create an internal passthrough Network Load Balancer in the Trusted VPC, named ilb-trusted, with the nva-uig unmanaged instance group designated as the backend.
Create a custom static route in the Trusted VPC for destination 0.0.0.0/0 and the next hop ilb-trusted.

BAdd both multi-NIC VMs to a new unmanaged instance group, named nva-uig.
Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uig unmanaged instance group designated as the backend.
Create a custom static route in the Untrusted VPC for destination 10.128.0.0/9 and the next hop ilb-untrusted.
Create an internal passthrough Network Load Balancer in the Trusted VPC, named ilb-trusted, with the nva-uig unmanaged instance group designated as the backend.
Create a custom static route in the Trusted VPC for destination 10.0.0.0/23 and the next hop ilb-trusted.

CAdd both multi-NIC VMs to a new unmanaged instance group, named nva-uigO.
Create an internal passthrough Network Load Balancer in the Untrusted VPC, named ilb-untrusted, with the nva-uigO as backend.
Create a custom static route in the Untrusted VPC for destination 10.128.0.0/9 and the next hop ilb-untrusted.
Add both multi-NIC VMs to a new unmanaged instance group, named nva-uigl.
Create an internal passthrough Network Load Balancer in the Trusted VPC, named ilb-trusted, with the nva-uigl as backend.
Create a custom static route in the Trusted VPC for destination 0.0.0.0/0 and the next hop ilb-trusted.

DAdd both multi-NIC VMs to a new unmanaged instance group, named nva-uig.
Create two custom static routes in the Untrusted VPC for destination 10.128.0.0/9 and set each of the VMs' NIC as the next hop.
Create two custom static routes in the Trusted VPC for destination 10.0.0.0/23 and set each of the VMs' NIC as the next hop.

Show Suggested Answer

Suggested Answer: B

The solution requires creating internal passthrough load balancers for both VPCs, with custom static routes pointing to each load balancer. This ensures connectivity between the on-premises environment and the Trusted VPC via the Untrusted VPC.

by Elin at Jan 13, 2025, 05:43 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Network Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lanie

3 months ago

I agree with A, it covers both VPCs effectively!

upvoted 0 times

...

Lai

4 months ago

Wait, why would we set both NICs as next hops in D?

upvoted 0 times

...

Tori

4 months ago

D looks complicated, not sure if it's necessary.

upvoted 0 times

...

Artie

4 months ago

I think B is better for routing to the Trusted VPC.

upvoted 0 times

...

Stephaine

4 months ago

Option A seems solid for load balancing.

upvoted 0 times

...

Viola

5 months ago

I’m leaning towards option B because it mentions the correct CIDR ranges for the routes, but I’m not entirely confident about the internal load balancer setup.

upvoted 0 times

...

Roslyn

5 months ago

I have a vague memory of needing to add both VMs to an unmanaged instance group, but I’m confused about the next hops for the routes. Is it really necessary to set them for both NICs?

upvoted 0 times

...

Howard

5 months ago

I think we practiced a similar question where we had to configure load balancers and routes. I feel like option A might be the right choice, but I can't recall the specifics.

upvoted 0 times

...

Glynda

5 months ago

I remember we discussed the importance of having proper routing between the VPCs, but I'm not sure which option correctly sets up the routes for both environments.

upvoted 0 times

...

Zona

5 months ago

I've got a strategy in mind. I think Option B looks like the right approach, with the load balancers and custom routes in each VPC. I'll double-check the details, but I feel confident I can work through this.

upvoted 0 times

...

Marguerita

5 months ago

I'm a bit confused by all the different VPCs and network configurations. I'll need to take some time to really understand the scenario before I start trying to solve this.

upvoted 0 times

...

Kayleigh

5 months ago

Okay, let's see. I think the key here is setting up the load balancers and static routes to enable the on-premises users to access the Trusted VPC. I'll need to make sure I understand the VPC network setup and the requirements.

upvoted 0 times

...

Erin

5 months ago

Hmm, this seems like a tricky one. I'll need to carefully read through the details and think through the different options.

upvoted 0 times

...

Phil

1 year ago

I'm with Avery on this one - drawing a diagram would be the way to go. But out of the options presented, Option B seems the most logical and comprehensive approach.

upvoted 0 times

...

Avery

1 year ago

Haha, I bet the exam writers had a field day coming up with this one. If I was a network engineer, I'd probably just draw a diagram to work this out. Option B looks like the most straightforward solution.

upvoted 0 times

...

Casie

1 year ago

Using individual VM NICs as the next hop for the static routes feels like a fragile solution. The load balancer approach in Option B is more robust and scalable.

upvoted 0 times

...

Barb

1 year ago

Splitting the instance groups into nva-uigO and nva-uigl seems unnecessary and adds unnecessary complexity. I'd go with the simpler approach in Option B.

upvoted 0 times

Tanja

12 months ago

Agreed, Option B it is for configuring the highly available solution.

upvoted 0 times

...

Dustin

12 months ago

Let's go with Option B then.

upvoted 0 times

...

Edelmira

12 months ago

Option B looks like the simpler approach to solve the issue.

upvoted 0 times

...

Tennie

1 year ago

I agree, splitting the instance groups seems unnecessary.

upvoted 0 times

...

Yan

1 year ago

I'm not sure, but I think option B could also work. It's a tough decision.

upvoted 0 times

...

Mendy

1 year ago

I agree with Deeanna. Option A seems to be the best choice.

upvoted 0 times

...

Clarinda

1 year ago

I'm not sure about creating an internal load balancer in the Trusted VPC with a 0.0.0.0/0 route. That seems overly broad and could potentially introduce security risks. Option B looks better overall.

upvoted 0 times

Na

1 year ago

User 2

upvoted 0 times

...

Cherry

1 year ago

User 1

upvoted 0 times

...

Deeanna

1 year ago

I think we should go with option A.

upvoted 0 times

...

Glenna

1 year ago

Option B seems the most comprehensive and logical solution. Separating the load balancers for the Untrusted and Trusted VPCs makes sense, and using custom static routes to route traffic through the appropriate load balancer is a solid approach.

upvoted 0 times

Noble

1 year ago

Using custom static routes to direct traffic through the correct load balancer is a logical approach.

upvoted 0 times

...

Graciela

1 year ago

The separation of load balancers for the Untrusted and Trusted VPCs is a smart move.

upvoted 0 times

...

Romana

1 year ago

I agree, Option B does seem like the best choice here.

upvoted 0 times

...