
Answer-first summary for fast verification
Answer: Use the Network Intelligence Center Connectivity Tests to test the connectivity between the VPC and the on-premises network.
To determine if traffic is being dropped due to firewall rules or routing issues, the best approach is to use Network Intelligence Center Connectivity Tests (Option A). This tool simulates traffic between a source and destination, checking for valid paths while considering firewall rules and routes. If the test shows a firewall block, that is the cause; if no valid route exists, it indicates a routing issue.

VPC Flow Logs (Option C) could help if traffic is actively being generated, as flow logs capture firewall denials. However, if routing is misconfigured, traffic may not reach the firewall, resulting in no log entries. Connectivity Tests provide a proactive and direct way to diagnose without relying on live traffic.

Traceroute (Option D) is less reliable due to potential ICMP blocking and does not definitively distinguish between routing and firewall issues. Network Topology (Option B) does not replay historical traffic, making it unsuitable for diagnosing past connectivity issues.
Author: LeetQuiz Editorial Team
To troubleshoot connectivity issues between your Google Cloud service and on-premises service over Dedicated Interconnect, how can you determine whether traffic is being dropped due to firewall rules or routing misconfiguration?
A. Use the Network Intelligence Center Connectivity Tests to test the connectivity between the VPC and the on-premises network.
B. Use Network Intelligence Center Network Topology to check the traffic flow, and replay the traffic from the time period when the connectivity issue occurred.
C. Configure VPC Flow Logs. Review the logs by filtering on the source and destination.
D. Configure a Compute Engine instance on the same VPC as the service running on Google Cloud to run a traceroute targeted at the on-premises service.