Your organization has 10 distinct Virtual Private Cloud (VPC) networks, each in a separate project within a single Google Cloud region. The security team mandates that every VPC must establish private connectivity to the primary on-premises location through a shared Partner Interconnect connection in the same region. Cost and operational efficiency require this connectivity to be reused across all projects. Additionally, all traffic between projects, on-premises locations, and the internet must be routed through the same third-party inspection appliances. What is the recommended solution?
A
Configure the third-party appliances with multiple interfaces and specific Partner Interconnect VLAN attachments per project. Create the relevant routes on the third-party appliances and VPC networks.
B
Configure the third-party appliances with multiple interfaces, with each interface connected to a separate VPC network. Create separate VPC networks for on-premises and internet connectivity. Create the relevant routes on the third-party appliances and VPC networks.
C
Consolidate all existing projects’ subnetworks into a single VPC. Create separate VPC networks for on-premises and internet connectivity. Configure the third-party appliances with multiple interfaces, with each interface connected to a separate VPC network. Create the relevant routes on the third-party appliances and VPC networks.
D
Configure the third-party appliances with multiple interfaces. Create a hub VPC network for all projects, and create separate VPC networks for on-premises and internet connectivity. Create the relevant routes on the third-party appliances and VPC networks. Use VPC Network Peering to connect all projects’ VPC networks to the hub VPC. Export custom routes from the hub VPC and import on all projects’ VPC networks.
Explanation:
The correct approach is to use a hub-and-spoke model with VPC Network Peering. A hub VPC consolidates the Partner Interconnect connection and third-party appliances, allowing all traffic (inter-project, on-premises, and internet) to be inspected centrally. VPC peering connects all projects' VPCs (spokes) to the hub, with custom routes exported from the hub to ensure traffic flows through the appliances. This setup shares connectivity (reducing Partner Interconnect costs) and meets inspection requirements, while maintaining separate VPCs per project.
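The following Terraform (Google provider) is an added illustration of the hub-and-spoke design in option D; it is not code from the question or its source. Project IDs, the region, CIDR ranges, the spoke list and the appliance instance self-link are placeholders. The Partner Interconnect VLAN attachment, the appliance VMs and the separate on-premises/internet VPCs are assumed to exist and are out of scope here; the example shows only the part the explanation turns on: peering every spoke to the hub, exporting custom routes from the hub and importing them in the spokes so that on-premises and inter-project traffic is steered to the appliance.

```terraform
# Added example (not from the original page). All values below are placeholders.
variable "hub_project" { default = "hub-project-id" }
variable "region"      { default = "us-central1" }
variable "onprem_cidr" { default = "10.100.0.0/16" }   # on-premises prefix (placeholder)

# Spoke name => { project id, primary CIDR }. In the question there are 10 of these.
variable "spokes" {
  type = map(object({ project = string, cidr = string }))
  default = {
    spoke-a = { project = "spoke-project-a", cidr = "10.10.0.0/16" }   # placeholder
    spoke-b = { project = "spoke-project-b", cidr = "10.20.0.0/16" }   # placeholder
  }
}

# Hub-side interface of the inspection appliance (placeholder self-link; assumed to exist,
# with IP forwarding enabled). A passthrough internal LB in front of an appliance pair
# (next_hop_ilb) is the usual HA variant of the same route.
variable "appliance_instance" {
  default = "projects/hub-project-id/zones/us-central1-a/instances/inspect-appliance-1"
}

# Hub VPC: hosts the shared Partner Interconnect VLAN attachment and the appliance transit subnet.
resource "google_compute_network" "hub" {
  project                 = var.hub_project
  name                    = "hub-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "hub_transit" {
  project       = var.hub_project
  name          = "hub-transit"
  region        = var.region
  network       = google_compute_network.hub.self_link
  ip_cidr_range = "10.0.0.0/24"   # placeholder
}

# Custom static route in the hub: on-premises prefix via the appliance.
resource "google_compute_route" "onprem_via_appliance" {
  project           = var.hub_project
  name              = "hub-onprem-via-appliance"
  network           = google_compute_network.hub.self_link
  dest_range        = var.onprem_cidr
  next_hop_instance = var.appliance_instance
  priority          = 100
}

# Peering is not transitive: spoke A never learns spoke B's subnet route through the hub.
# A custom route per spoke prefix, exported from the hub, sends inter-project traffic to the
# appliance instead. Inside the hub itself the peering subnet route for a spoke still wins
# (subnet routes precede static routes), which is what lets the appliance forward onward.
resource "google_compute_route" "spoke_via_appliance" {
  for_each          = var.spokes
  project           = var.hub_project
  name              = "hub-${each.key}-via-appliance"
  network           = google_compute_network.hub.self_link
  dest_range        = each.value.cidr
  next_hop_instance = var.appliance_instance
  priority          = 100
}

# One VPC per project (the spokes).
resource "google_compute_network" "spoke" {
  for_each                = var.spokes
  project                 = each.value.project
  name                    = "${each.key}-vpc"
  auto_create_subnetworks = false
}

# Peering must be declared on both sides. Hub exports custom routes; spokes import them.
resource "google_compute_network_peering" "hub_to_spoke" {
  for_each             = google_compute_network.spoke
  name                 = "hub-to-${each.key}"
  network              = google_compute_network.hub.self_link
  peer_network         = each.value.self_link
  export_custom_routes = true
  import_custom_routes = false
}

resource "google_compute_network_peering" "spoke_to_hub" {
  for_each             = google_compute_network.spoke
  name                 = "${each.key}-to-hub"
  network              = each.value.self_link
  peer_network         = google_compute_network.hub.self_link
  export_custom_routes = false
  import_custom_routes = true
}
```

Two checks worth making after apply: list the routes in a spoke and confirm the imported entries for the on-premises prefix and the other spokes' prefixes show the peering as their origin, and confirm that a spoke's own subnet route still covers its own CIDR so that local traffic is not hairpinned to the appliance. Steering internet-bound traffic through the same appliances needs an additional route from the hub covering the default destination with a higher priority (lower number) than each spoke's own default route, since peering never exports routes whose next hop is the default internet gateway; verify that behaviour in the current VPC Network Peering documentation before relying on it.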