Exam Professional Cloud Network Engineer topic 1 question 156 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 156
Topic #: 1

You are designing an IP address scheme for new private Google Kubernetes Engine (GKE) clusters. Due to IP address exhaustion of the RFC 1918 address space in your enterprise, you plan to use privately used public IP space for the new clusters. You want to follow Google-recommended practices. What should you do after designing your IP scheme?

  • A. Create the minimum usable RFC 1918 primary and secondary subnet IP ranges for the clusters. Re-use the secondary address range for the pods across multiple private GKE clusters.
  • B. Create the minimum usable RFC 1918 primary and secondary subnet IP ranges for the clusters. Re-use the secondary address range for the services across multiple private GKE clusters.
  • C. Create privately used public IP primary and secondary subnet ranges for the clusters. Create a private GKE cluster with the following options selected: --enable-ip-alias and --enable-private-nodes.
  • D. Create privately used public IP primary and secondary subnet ranges for the clusters. Create a private GKE cluster with the following options selected: --disable-default-snat, --enable-ip-alias, and --enable-private-nodes.
Suggested Answer: D

Comments

nabal82
10 months ago
Sorry, D is right. https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips?hl=pt-br#enable_pupis
upvoted 1 times
...
nabal82
10 months ago
B is right. https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips?hl=pt-br#enable_pupis
upvoted 1 times
...
nabal82
10 months ago
Selected Answer: D
D is right
upvoted 3 times
...
bnba44
10 months, 1 week ago
Selected Answer: C
SNAT deactivated by default
upvoted 1 times
desertlotus1211
8 months ago
GKE by default implements SNAT on the nodes to public IP destinations. If you have configured the Pod CIDR to use external IP addresses, the SNAT rules apply to Pod-to-Pod traffic. To avoid this you have 2 options:
  • Create your cluster with the --disable-default-snat flag. For more details about this flag, refer to IP masquerading in GKE.
  • Configure the configMap ip-masq-agent including in the nonMasqueradeCIDRs list at least the Pod CIDR, the Service CIDR, and the nodes subnet.
upvoted 1 times
...
desertlotus1211
8 months ago
Wrong, it's enabled
upvoted 2 times
...
...
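Added example (not part of the thread or of Google's documentation): a Python check for the ip-masq-agent option described in the comments above, verifying that nonMasqueradeCIDRs covers the node, Pod and Service ranges of a cluster built on privately used public IPs. The function name, the IPv4-only handling and all sample ranges (documentation blocks standing in for real PUPI space) are assumptions made for illustration.

```python
import ipaddress
import json


def uncovered_ranges(masq_config_json, cluster_ranges):
    """Return names of cluster ranges not covered by nonMasqueradeCIDRs.

    masq_config_json: ip-masq-agent config as a JSON string
                      (the agent reads YAML or JSON; JSON keeps this stdlib-only).
    cluster_ranges:   dict of name -> IPv4 CIDR string (IPv4 only, by assumption).
    """
    config = json.loads(masq_config_json)
    listed = [ipaddress.ip_network(c)
              for c in config.get("nonMasqueradeCIDRs", [])]
    # Merge adjacent or overlapping entries so that, for example,
    # two /25 entries count as covering the /24 they add up to.
    merged = list(ipaddress.collapse_addresses(listed))
    missing = []
    for name, cidr in cluster_ranges.items():
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(m) for m in merged):
            missing.append(name)
    return missing


# Constructed sample ranges: non-RFC 1918 blocks used as stand-ins for
# privately used public IP (PUPI) node, Pod and Service ranges.
CLUSTER_RANGES = {
    "nodes": "192.0.2.0/24",
    "pods": "198.51.100.0/24",
    "services": "203.0.113.0/24",
}

# Constructed config that lists only RFC 1918 space plus the Pod range
# (split into two /25 entries), so nodes and services are left out.
INCOMPLETE = json.dumps({
    "nonMasqueradeCIDRs": ["10.0.0.0/8", "198.51.100.0/25", "198.51.100.128/25"],
    "resyncInterval": "60s",
})

# Constructed config that lists all three cluster ranges.
COMPLETE = json.dumps({
    "nonMasqueradeCIDRs": ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"],
    "resyncInterval": "60s",
})

if __name__ == "__main__":
    print("incomplete config misses:", uncovered_ranges(INCOMPLETE, CLUSTER_RANGES))
    print("complete config misses:  ", uncovered_ranges(COMPLETE, CLUSTER_RANGES))
```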
Community vote distribution: A (35%), C (25%), B (20%), Other