
Exam Professional Cloud Network Engineer topic 1 question 114 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 114
Topic #: 1

You are configuring an HA VPN connection between your Virtual Private Cloud (VPC) and on-premises network. The VPN gateway is named VPN_GATEWAY_1. You need to restrict VPN tunnels created in the project to only connect to your on-premises VPN public IP address: 203.0.113.1/32. What should you do?

  • A. Configure a firewall rule accepting 203.0.113.1/32, and set a target tag equal to VPN_GATEWAY_1.
  • B. Configure the Resource Manager constraint constraints/compute.restrictVpnPeerIPs to use an allowList consisting of only the 203.0.113.1/32 address.
  • C. Configure a Google Cloud Armor security policy, and create a policy rule to allow 203.0.113.1/32.
  • D. Configure an access control list on the peer VPN gateway to deny all traffic except 203.0.113.1/32, and attach it to the primary external interface.
Suggested Answer: B
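The constraint named in answer B, written out as an organization policy file. This is an added example and is not part of the question or any of the comments; PROJECT_ID is a placeholder, and the value is given as a plain IPv4 address because that is the form the constraint's documented description requires (the /32 in the question denotes the same single address).

```yaml
# Added example (not from the question or the comments): an org policy that
# applies constraints/compute.restrictVpnPeerIPs at project level so that
# Cloud VPN tunnels in PROJECT_ID (placeholder) may only use the on-premises
# gateway 203.0.113.1 as their peer address.
# The constraint takes plain IPv4 addresses (IP_V4_ADDRESS form), so the
# single address is listed without a CIDR prefix.
name: projects/PROJECT_ID/policies/compute.restrictVpnPeerIPs
spec:
  rules:
  - values:
      allowedValues:
      - 203.0.113.1
```

Apply it with `gcloud org-policies set-policy vpn-peer-policy.yaml` and confirm what is actually in force with `gcloud org-policies describe compute.restrictVpnPeerIPs --project=PROJECT_ID --effective`. Changing the `name` prefix to `folders/FOLDER_ID` or `organizations/ORG_ID` applies the same allow list to every project underneath. Once the policy is in force, any attempt in the project to create a VPN tunnel whose peer IP is not on the list is rejected at resource creation time, which is the control the question asks for; the firewall rule, Cloud Armor policy and peer-side ACL in options A, C and D act on traffic after the fact and do not stop a user from creating a tunnel to an arbitrary peer.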

Comments

desertlotus1211
4 months, 3 weeks ago
https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints This list constraint defines the set of valid IP-v4 addresses that can be configured as VPN peer IPs. By default, any IP can be a VPN peer IP for a VPC network. The allowed/denied list of IP addresses must be specified as valid IP-v4 addresses in the form: IP_V4_ADDRESS. constraints/compute.restrictVpnPeerIPs
upvoted 1 times
pk349
9 months, 2 weeks ago
• B. Configure the Resource Manager constraint constraints/compute.restrictVpnPeerIPs ***** to use an allowList consisting of only the 203.0.113.1/32 address. HA-VPN is an IPSec VPN solution to enable secure connectivity between your on-premises network and your Google Cloud Virtual Private Cloud (VPC) network through an IPSec VPN connection with 99.99% service availability at GA. HA-VPN is a regional per-VPC VPN solution. Consider the following as you plan a migration to HA VPN: • Your peer VPN device or service must support the Border Gateway Protocol (BGP). If it does not, you cannot use HA VPN.
upvoted 1 times
jitu028
10 months, 3 weeks ago
Correct answer - B. To ensure that your VPN gateway is protected, use the org policy constraint named constraints/compute.restrictVpnPeerIPs. This constraint will limit the public IPs that are allowed to initiate IPSec sessions with your VPN gateway. https://cloud.google.com/blog/topics/developers-practitioners/limiting-public-ips-google-cloud#:~:text=For%20VPNs%2C%20a,VPN%20gateway.
upvoted 2 times
ccieman2016
11 months ago
Selected Answer: B
I think this question is in the security scope of the exam. B is correct. https://cloud.google.com/blog/topics/developers-practitioners/limiting-public-ips-google-cloud
upvoted 4 times
AzureDP900
10 months, 3 weeks ago
Yes, it should be part of security. I agree that B is right. For VPNs, a VPN gateway requires a public IP address for you to connect your on-premises environment to Google Cloud. To ensure that your VPN gateway is protected, use the org policy constraint named constraints/compute.restrictVpnPeerIPs. This constraint will limit the public IPs that are allowed to initiate IPSec sessions with your VPN gateway.
upvoted 2 times
nosense
11 months ago
Selected Answer: B
B is right. To control the list of peer IP addresses that users can specify when creating Cloud VPN tunnels, use the Resource Manager constraint constraints/compute.restrictVpnPeerIPs.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other