
Answer-first summary for fast verification
Answer: Connect all the spokes to the hub with Cloud VPN. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.
The requirement is to implement a hub-and-spoke model in Google Cloud where spokes cannot communicate directly, even via the hub. VPC peering (options B/D) is not feasible due to the default limit of 25 peerings per VPC, which is exceeded with over 50 spokes. Cloud VPN (option A) allows spoke-to-spoke traffic via the hub unless firewall rules block it, but managing rules for 50+ spokes increases overhead. Option C uses Cloud VPN with a third-party appliance as a gateway to centrally block inter-spoke traffic. While Cloud VPN has a default quota of 50 tunnels per project, the question likely assumes this is sufficient (despite 'over 50 spokes'), making C the best choice to meet security and architectural requirements while minimizing management compared to manual firewall rules.
Author: LeetQuiz Editorial Team
As a network administrator migrating your company's infrastructure to Google Cloud, you need to quickly implement a hub-and-spoke architecture that mirrors your on-premises setup. Your current environment has over 50 spokes with no direct connectivity between them; all traffic routes through the central hub for security. The Google Cloud solution must maintain this structure while minimizing management overhead and cost and staying within default networking quotas. What is the most appropriate approach to achieve this?
A. Connect all the spokes to the hub with Cloud VPN.
B. Connect all the spokes to the hub with VPC Network Peering.
C. Connect all the spokes to the hub with Cloud VPN. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.
D. Connect all the spokes to the hub with VPC Network Peering. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.