

Exam Professional Cloud Network Engineer topic 1 question 170 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 170
Topic #: 1

You are configuring your organization's Google Cloud environment to connect to your on-premises network, which does not support Border Gateway Protocol (BGP). Your on-premises network has 30 CIDR ranges that must be reachable from Google Cloud. Your VPN gateway creates a unique child security association (SA) per CIDR. You must ensure that the 30 CIDR ranges in your on-premises network are reachable from Google Cloud.

Following Google-recommended practices, which two methods can you use to accomplish this? (Choose two.)

  • A. Create a single Cloud VPN tunnel that uses route-based VPN.
  • B. Create a single Cloud VPN tunnel that uses policy-based routing with 30 CIDRs as the remote traffic selectors.
  • C. Create multiple Cloud VPN tunnels that use policy-based routing so that each tunnel has one CIDR block for its local traffic selector and one CIDR block for its remote traffic selector. Connect each tunnel to unique peer IP addresses.
  • D. Create multiple Cloud VPN tunnels that use policy-based routing with 10 CIDR per tunnel as the remote traffic selectors.
  • E. Create multiple Cloud VPN tunnels that use policy-based routing so that each tunnel has one CIDR block for its local traffic selector and one CIDR block for its remote traffic selector. Connect each tunnel to the same peer IP address.
Suggested Answer: AC

Comments

netmaster81
2 months, 2 weeks ago
Selected Answer: AC
IKEv1 supports 1 CIDR for each VPN and one SA for each. IKEv2 supports up to 30 CIDRs for each VPN, but all of them share one SA. As the current VPN uses a unique SA for each CIDR, we can't use IKEv2, so not B.
upvoted 1 times
AzurePete
4 months, 3 weeks ago
Selected Answer: BD
B. Create a single Cloud VPN tunnel that uses policy-based routing with 30 CIDRs as the remote traffic selectors.

D. Create multiple Cloud VPN tunnels that use policy-based routing with 10 CIDR per tunnel as the remote traffic selectors.

Policy-based routing allows you to specify which traffic is sent over specific tunnels based on the local and remote traffic selectors (CIDR blocks). You can either create a single tunnel with 30 remote traffic selectors (option B) or create multiple tunnels, each with up to 10 remote traffic selectors (option D).

Option A is incorrect because route-based VPNs require BGP, which your on-premises network does not support. Options C and E are incorrect because they suggest creating a tunnel for each CIDR block, which would result in 30 tunnels. This is unnecessary and would increase complexity and management overhead.
upvoted 1 times
Positron75
7 months, 3 weeks ago
Selected Answer: AC
The documentation points towards A+C: https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing?hl=en#route-alignment

For A: "Use a route-based VPN. Both traffic selectors are 0.0.0.0/0 by definition for route-based VPNs. You can create routes that are more specific than the traffic selectors."

For C: "Use policy-based routing to create multiple Cloud VPN tunnels so that each tunnel only has one CIDR block for its local traffic selector and one CIDR block for its remote traffic selector. (...) Your peer VPN gateway must offer separate external IP addresses to which each Cloud VPN tunnel can connect. Tunnels on the same Classic VPN gateway must connect to unique peer gateway IP addresses."
upvoted 3 times
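
Added example, not part of the original discussion or of Google's documentation: a dry-run script that prints the gcloud commands for option A as the documentation quoted above describes it, one Classic VPN tunnel with both traffic selectors set to 0.0.0.0/0 plus one static route per on-premises CIDR. Every name, the peer address, the IKE version and the three sample ranges are placeholder assumptions.

```shell
#!/bin/sh
# Dry run: prints gcloud commands, executes nothing.
# All values below are placeholders (assumptions), not from the page.
NETWORK="example-vpc"
REGION="us-central1"
GATEWAY="example-classic-gw"   # existing Classic VPN gateway
TUNNEL="example-onprem-tunnel"
PEER_IP="203.0.113.10"         # documentation-range address
# Constructed sample: three of the 30 on-premises ranges.
ONPREM_CIDRS="10.10.0.0/24 10.10.1.0/24 192.168.50.0/24"

# Return 0 only for IPv4 CIDR notation with octets <= 255 and prefix <= 32.
is_cidr() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
  echo "$1" | awk -F'[./]' '{ for (i = 1; i <= 4; i++) if ($i > 255) exit 1
                              if ($5 > 32) exit 1 }'
}

# $1: space-separated on-premises CIDRs. Prints one tunnel command and
# one static-route command per CIDR; fails before printing if any is invalid.
emit_route_based_vpn() {
  for cidr in $1; do
    is_cidr "$cidr" || { echo "invalid CIDR: $cidr" >&2; return 1; }
  done
  # Route-based: both traffic selectors are 0.0.0.0/0, so there is one
  # selector pair for the tunnel rather than one per on-premises range.
  printf '%s\n' "gcloud compute vpn-tunnels create $TUNNEL \
--region=$REGION --target-vpn-gateway=$GATEWAY --peer-address=$PEER_IP \
--ike-version=2 --shared-secret=SHARED_SECRET_PLACEHOLDER \
--local-traffic-selector=0.0.0.0/0 --remote-traffic-selector=0.0.0.0/0"
  n=0
  for cidr in $1; do
    n=$((n + 1))
    # Reachability comes from routes more specific than the selectors.
    printf '%s\n' "gcloud compute routes create $TUNNEL-route-$n \
--network=$NETWORK --destination-range=$cidr \
--next-hop-vpn-tunnel=$TUNNEL --next-hop-vpn-tunnel-region=$REGION"
  done
}

emit_route_based_vpn "$ONPREM_CIDRS"
```

Review the printed commands and supply a real pre-shared key from a secret store before running any of them.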
desertlotus1211
8 months, 2 weeks ago
Answer A&B are correct.
upvoted 1 times
desertlotus1211
8 months, 1 week ago
Rethinking - B&C
upvoted 2 times
dev62
9 months ago
B&C : https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing
upvoted 2 times
dev62
8 months, 4 weeks ago
C & E also seem correct
upvoted 1 times
[Removed]
9 months, 3 weeks ago
Selected Answer: AC
The correct methods are options A and C.
upvoted 2 times
[Removed]
9 months, 3 weeks ago
A. Create a single Cloud VPN tunnel that uses route-based VPN. This method allows you to establish a single VPN tunnel between your on-premises network and Google Cloud. Route-based VPNs use static routes to determine which traffic should be sent over the VPN tunnel. You can configure static routes for each of the 30 CIDR ranges to ensure they are reachable.

C. Create multiple Cloud VPN tunnels that use policy-based routing so that each tunnel has one CIDR block for its local traffic selector and one CIDR block for its remote traffic selector. Connect each tunnel to unique peer IP addresses. With this approach, you create multiple VPN tunnels, each tunnel dedicated to a subset of the 30 CIDR ranges. Policy-based routing allows you to define specific routing policies for different traffic selectors. By connecting each tunnel to a unique peer IP address, you can ensure segregation of traffic and routing based on CIDR ranges.
upvoted 3 times
BB_norway
9 months, 1 week ago
So with this we require 30 unique remote peer IPs? Is that realistic?
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other