ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 111 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 111
Topic #: 1
[All Professional Cloud Network Engineer Questions]

Your organization's security policy requires that all internet-bound traffic return to your on-premises data center through HA VPN tunnels before egressing to the internet, while allowing virtual machines (VMs) to leverage private Google APIs using private virtual IP addresses 199.36.153.4/30. You need to configure the routes to enable these traffic flows. What should you do?

  • A. Configure a custom route 0.0.0.0/0 with a priority of 500 whose next hop is the default internet gateway. Configure another custom route 199.36.153.4/30 with priority of 1000 whose next hop is the VPN tunnel back to the on-premises data center.
  • B. Configure a custom route 0.0.0.0/0 with a priority of 1000 whose next hop is the internet gateway. Configure another custom route 199.36.153.4/30 with a priority of 500 whose next hop is the VPN tunnel back to the on-premises data center.
  • C. Announce a 0.0.0.0/0 route from your on-premises router with a MED of 1000. Configure a custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the default internet gateway.
  • D. Announce a 0.0.0.0/0 route from your on-premises router with a MED of 500. Configure another custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the VPN tunnel back to the on-premises data center.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by AzureDP900 at Dec. 1, 2022, 1:39 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ccieman2016
Highly Voted 2 years, 1 month ago
Selected Answer: C
100% for C. Following this link (https://cloud.google.com/vmware-engine/docs/networking/workload-internet-access#use_an_on-premises_connection_for_workload_internet_access) we eliminate A and B. Requirement is on premise router sent 0.0.0.0/0, but this setup create black role to APIs google services. traffic to APIs (199.36.153.4/30) need still inside GCP, so is required adjust it, create custom routing to default gateway gcp (https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config-routing-custom) "If you've replaced or changed your default route, ensure that you have custom static routes configured for the destination IP ranges used by private.googleapis.com or restricted.googleapis.com" 100% sure for C.
upvoted 6 times
...
1f01b87
Most Recent 3 months, 3 weeks ago
Selected Answer: C
C is the correct answer
upvoted 1 times
...
RKS_2021
5 months, 2 weeks ago
Selected Answer: C
Correct Approach: You should configure: A custom route for 199.36.153.4/30 that ensures the next hop is Google’s internal private infrastructure. A default route for 0.0.0.0/0 that sends internet-bound traffic through the on-premises data center via HA VPN. Unfortunately, none of the given options are entirely correct.
upvoted 1 times
...
hamish88
8 months, 1 week ago
Selected Answer: C
The destination of the custom route to 199.36.153.4/30 shouldn't be the VPN tunnel back to the on-premises data center but towards the default internet gateway.
upvoted 2 times
...
desertlotus1211
10 months, 2 weeks ago
A lower MED value is preferred over a higher value. D
upvoted 1 times
desertlotus1211
10 months, 2 weeks ago
and the GCP must go back out through the VPN tunnel from On-premise router
upvoted 1 times
...
...
owenshinobi
1 year, 4 months ago
Selected Answer: D
i think D by default 0.0.0.0/0 on GCP priority 1000 you need to advertise from your on-premise and high priority
upvoted 1 times
owenshinobi
1 year, 4 months ago
Recheck Agree on C.
upvoted 1 times
...
...
al_zo
2 years, 1 month ago
Selected Answer: C
Agree on C. If your VPC network contains a default route whose next hop is the default internet gateway, you can use that route to access Google APIs and services, without needing to create custom routes. If you have replaced an IPv4 default route (destination 0.0.0.0/0) with a custom route whose next hop is not the default internet gateway, you can meet the routing requirements for Google APIs and services using custom routing instead. custom routing: As an alternative to a default route for IPv4 traffic, you can use custom static routes, each having a more specific destination, and each using the default internet gateway next hop. https://cloud.google.com/vmware-engine/docs/networking/workload-internet-access#use_an_on-premises_connection_for_workload_internet_access
upvoted 2 times
...
pfilourenco
2 years, 1 month ago
Selected Answer: C
100% for C.
upvoted 2 times
...
playpacman
2 years, 1 month ago
Selected Answer: D
that is the only answer which works
upvoted 1 times
...
AzureDP900
2 years, 1 month ago
D is right answer https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview
upvoted 1 times
AzureDP900
2 years ago
I am changing my answer as C. C. Announce a 0.0.0.0/0 route from your on-premises router with a MED of 1000. Configure a custom route 199.36.153.4/30 with a priority of 1000 whose next hop is the default internet gateway.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel