Google Professional Cloud Network Engineer

Get started today

Ultimate access to all questions.

Explanation:

The organization needs to reach on-premises resources from multiple regions while minimizing IP usage. The cloud's IP space is 192.168.0.0/20, and on-premises uses 172.16.0.0/16. Private NAT gateways allow translating instance IPs to smaller, region-specific ranges for efficient routing. Option A correctly configures NAT gateways in each region (us-west1, europe-central1, asia-southeast1) using non-overlapping /24 subnets from the cloud's 192.168.0.0/20 range. The export include policy ensures only these NAT subnets are advertised to the hub, minimizing IP usage. Global dynamic routing enables cross-region connectivity through us-east4.

Explanation:

Comments (0)

No comments yet.

You are designing a VPC architecture for your organization using a Network Connectivity Center hub-and-spoke topology:

• One Network Connectivity Center hybrid spoke exists to receive on-premises routes (172.16.0.0/16).
• One additional VPC spoke needs to be added as a Network Connectivity Center spoke.

Your organization has constrained routable IP space (192.168.0.0/20) for its cloud environment. The spoke VPC is connected to on-premises via a Cloud Interconnect in us-east4.

How should you configure the architecture to enable access to on-premises resources from multiple Google Cloud regions (us-west1, europe-central1, and asia-southeast1) while minimizing IP address usage?

Exam-Like

Last updated: April 16, 2026 at 14:02

Configure a Private NAT gateway and NAT subnet in us-west1(192.168.1.0/24), europe-central1(192.168.2.0/24) and asia-southeast1(192.168.3.0/24). 2. Add the VPC as a spoke and configure an export include policy to advertise only 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 to the hub. 3. Enable global dynamic routing to allow resources in us-west1, us-central1 and asia-southeast1 to reach the on-premises location through us-east4.

35.7%

Configure a Private NAT gateway instance in us-west1(172.16.1.0/24), europe-central1(172.16.2.0/24), and asia-southeast1(172.16.3.0/24). 2. Add the VPC as a spoke and configure an export include policy on the VPC spoke to advertise only the NAT subnets 172.16.1.0/24, 172.16.2.0/24, and 172.16.3.0/24 to the hub. 3. Enable global dynamic to allow resources in us-west1, us-central1, and asia-southeast1 to reach the on-premises location through us-east4.

Configure a Private NAT gateway instance in us-east4(192.168.1.0/24). 2. Add the VPC as a spoke and configure an export include policy on the VPC spoke to advertise 192.168.1.0/24 to the hub. 3. Enable global dynamic routing to allow resources in us-west1, us-central1 and asia-southeast1 to reach the on-premises location through us-east4.

21.4%

Configure a Private NAT gateway instance in us-west1(192.168.1.0/24), europe-central1(192.168.2.0/24), and asia-southeast1(192.168.3.0/24). 2. Add the VPC as a spoke and configure an export exclude policy on the VPC spoke to advertise only the NAT subnets 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 to the hub. 3. Enable global dynamic routing to allow resources in us-west1, us-central1, and asia-southeast1 to reach the on-premises location through us-east4.

21.4%