Exam Professional Cloud Network Engineer topic 1 question 82 discussion

D is the only answer, C is not include all necessary subnets private.googleapis.com 199.36.153.8/30 https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config

To connect to Cloud Storage APIs and Google Kubernetes Engine nodes across a private Cloud Interconnect network, you need to advertise the correct prefixes to the Cloud Router. Option D is correct because it configures the Cloud Router to advertise the correct prefix (199.36.153.8/30), which is required for Private Google Access. Additionally, this option ensures that all visible subnets are advertised to the Cloud Router, which is necessary for communication with Kubernetes Engine nodes. Options A, B, and C are incorrect because they do not provide the complete configuration necessary for communication with both Cloud Storage APIs and Google Kubernetes Engine nodes across a private Cloud Interconnect network.

the correct answer is D. A suggests configuring the route advertisement to the default setting, but this may not be sufficient for your requirements. B suggests configuring a static route on the on-premises router for the storage API virtual IP address, which points to the Cloud Router's link-local IP address. This may work but requires manual configuration on the on-premises network. C suggests configuring the route advertisement to the custom setting and manually adding prefix 199.36.153.8/30 to the list of advertisements, but this option does not include all the necessary subnets for Cloud Storage APIs and Google Kubernetes Engine nodes. D suggests configuring the route advertisement to the custom setting, manually adding prefix 199.36.153.8/30 to the list of advertisements, and advertising all visible subnets to the Cloud Router. This option would be the most appropriate solution as it includes all necessary subnets for Cloud Storage APIs and Google Kubernetes Engine nodes.

why not C ? nodes are in primary subnet so its automatically advertised right?

With Firewall Insights metrics, you can perform the following tasks: • Verify that firewall rules are used in an intended way. • Over specified periods, verify that firewall rules allow or block their intended connections.

D is the correct answer

Your configuration must be able to reach Cloud Storage APIs and your Google Kubernetes Engine nodes across your private Cloud Interconnect network.... You also need to advertise GKE nodes to on-prem hence option with all visible route advertisement is right ans .... D is the right answer.

all used the same link, but different answers. Can someone explain?

I agree B

Explanation: https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config-routing-on-prem

B is correct answer, since we don't need to reach pods/services ip's: https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config-routing-custom

D is correct answer: https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config-routing-custom

It was easy, to private access to API google, adjust on premise resources like DNS, firewall and routing. https://cloud.google.com/vpc/docs/private-google-access-hybrid

D is correct

B is correct answer Please refer this link for more details. https://cloud.google.com/vpc/docs/private-google-access-hybrid