Google Professional Cloud Network Engineer
Get started today
Ultimate access to all questions.
How should you configure VPC routing to enable network virtual appliances (NVAs) to inspect traffic between frontend and backend subnets, given that the NVAs act as full network proxies with source NAT for allowed traffic, and all resources are within the same VPC?
How should you configure VPC routing to enable network virtual appliances (NVAs) to inspect traffic between frontend and backend subnets, given that the NVAs act as full network proxies with source NAT for allowed traffic, and all resources are within the same VPC?
Exam-Like
A
Place your NVAs behind an internal passthrough Network Load Balancer named ILB1. Add the global network firewall policy rules to allow traffic through your NVAs. Create a policy-based route (PBR) with the source IP range of the backend VM subnet, destination IP range of the frontend VM subnet, and the next hop of ILB1. Scope the PBR to the VMs with the backend network tag. Add a backend network tag to your backend servers.
33.3%
B
Place your NVAs behind an internal passthrough Network Load Balancer named ILB1. Add global network firewall policy rules to allow traffic through your NVAs. Create a custom static route with the destination IP range of the backend VM subnet, frontend instance tag, and the next hop of ILB1. Add a frontend network tag to your frontend VMs.
Comments
Loading comments...