Exam Professional Cloud Architect topic 1 question 77 discussion

It can't be -A - VPC Network Peering only allows private RFC 1918 connectivity across two Virtual Private Cloud (VPC) networks. In this example is one VPC with on-premise network https://cloud.google.com/vpc/docs/vpc-peering It is not definitely - B - Can't be It is not C - Because Cloud VPN gateways and tunnels are regional objects, not global So, it the answer is D - https://cloud.google.com/vpn/docs/how-to/creating-static-vpns

Just Passed my exam and I answered (D) for this question

Option C: Create a global VPN gateway and establish VPN tunnels from each region to the on-premises peer gateway. This suggests that a single global VPN gateway manages the tunnels from both regions. Option D: Deploy a VPN gateway in each region and ensure that each region has at least one VPN tunnel to the on-premises peer gateway. This indicates that each region has its own VPN gateway. >Option D ensures that there is a VPN gateway in each region, providing greater redundancy. If a gateway in one region fails, the gateway in the other region remains operational.

Global Cloud VPN Gateway: This feature allows for the creation of a single VPN gateway that can serve multiple regions within the same VPC network. By creating a global VPN gateway, you can efficiently manage VPN connections from all regions of your VPC to your on-premises network. Simplicity and Efficiency: Using a global gateway simplifies the configuration and management of VPN connections as opposed to maintaining separate regional VPN gateways. It centralizes the VPN endpoint on the Google Cloud side, reducing the complexity of the network setup. Reliable and Secure Communication: The global Cloud VPN Gateway allows for secure, encrypted tunnels between Google Cloud and the on-premises network, ensuring that the application’s inter-regional and on-premises communications are secure.

C is wrong. A global vpn is a single region resource. https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-ha-vpn?hl=it gcloud compute vpn-gateways create GW_NAME \ --network=NETWORK \ --region=REGION \ --stack-type=IP_STACK so D is the answer

It´s option C! So, while the VPN Gateway itself is a regional resource, its scope can be effectively global as it can serve resources across different regions within the same Virtual Private Cloud (VPC). This is why it’s sometimes referred to as a ‘global’ service in the context of its functionality, even though strictly speaking, it’s a regional resource.

Each Cloud VPN gateway is a regional resource that uses one or more regional external IP addresses. A Cloud VPN gateway can connect to a peer VPN gateway.

It can't be -A - VPC Network Peering only allows private RFC 1918 connectivity across two Virtual Private Cloud (VPC) networks. In this example is one VPC with on-premise network https://cloud.google.com/vpc/docs/vpc-peering It is not definitely - B - Can't be It is not C - Because Cloud VPN gateways and tunnels are regional objects, not global So, it the answer is D - https://cloud.google.com/vpn/docs/how-to/creating-static-vpn

D looks fine.

As HA isn't required, why do we need two VPN gateways?

D is ok

D is the correct answer, in order to do A you will need VPN., or interconnect

there is two VPN: 1. classic VPN 2. HA VPN

Cloud VPN Gateway is a regional service, not global.

Why not C? services across regions can communicate to each other, VPN only connects to the closet region, and all the VPC shall be connected if firewall's set.

Go for D. Cloud VPN Gateway is regional. NOt Global gcloud compute vpn-gateways create GW_NAME \ --network=NETWORK \ --region=REGION

D is the correct answer