Google Professional Cloud Network Engineer
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
You are managing a Shared VPC in a host project. Multiple departments within your organization have infrastructure deployed in various service projects connected to the Shared VPC, using IAM permissions to control cloud resources in those projects. VPC Network Peering is configured between the Shared VPC and a common services VPC outside of any service project. Some users report connectivity failures between specific instances across different Shared VPC service projects, as well as between certain instances and the internet. How should you verify the network configuration to determine if a misconfiguration is causing these issues?
Explanation:
The correct answer is C. Connectivity Tests from Network Intelligence Center are designed to validate network configurations by simulating connectivity paths between endpoints, checking firewall rules, routes, and VPC peering setups. This approach directly identifies misconfigurations (e.g., missing routes, blocked ports) without requiring active traffic. Options A (audit logs) track administrative actions, not traffic. Option B (manual ping tests) is impractical and may fail if SSH access is blocked. Option D (VPC Flow Logs) requires traffic to be generated to capture data, which might not be feasible if routing issues prevent traffic flow. Connectivity Tests provide a proactive and configuration-focused validation, making it the most effective choice.