You are setting up a connection between your organization's Google Cloud environment and your on-premises network, which does not support BGP. Your on-premises network has 30 CIDR ranges that need to be accessible from Google Cloud. The VPN gateway generates a unique child security association (SA) for each CIDR. To ensure all 30 on-premises CIDR ranges are reachable from Google Cloud while following Google's best practices, which two approaches should you use? (Select two.)

Exam-Like

A

Create a single Cloud VPN tunnel that uses route-based VPN.

23.3%

B

Create a single Cloud VPN tunnel that uses policy-based routing with 30 CIDRs as the remote traffic selectors.

10.0%

C

Create multiple Cloud VPN tunnels that use policy-based routing so that each tunnel has one CIDR block for its local traffic selector and one CIDR block for its remote traffic selector. Connect each tunnel to unique peer IP addresses.

13.3%

D

Create multiple Cloud VPN tunnels that use policy-based routing with 10 CIDR per tunnel as the remote traffic selectors.

10.0%

E

Create multiple Cloud VPN tunnels that use policy-based routing so that each tunnel has one CIDR block for its local traffic selector and one CIDR block for its remote traffic selector. Connect each tunnel to the same peer IP address.

43.3%

Powered ByGPT-5.2

Google Professional Cloud Network Engineer

Get started today

Comments