Answer-first summary for fast verification
Answer: Create a VPC Peering between the two VPCs that allows the export and import of subnet routes with public IP addresses. Create the necessary ingress VPC firewall rules that target the specific resources by using IP ranges as the source filter.
The question requires a lower cost and higher performance connectivity solution between two VPCs in different projects. VPC Peering is preferred over HA VPN as it is cheaper and offers better performance. Since there's no IP overlap and the PUPI ranges are part of the subnets, VPC Peering automatically exchanges subnet routes (including PUPI ranges) by default. Firewall rules must allow traffic using IP ranges as the source filter because the PUPI ranges are public IPs used privately, and service accounts cannot be referenced across projects. Option D correctly configures firewall rules with IP ranges, though the mention of 'export/import of subnet routes with public IP addresses' is redundant (subnet routes are already exchanged by default).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can you establish connectivity between resources in two separate VPCs (each in different Google Cloud projects) with non-overlapping IP ranges—where one VPC uses privately used public IP (PUPI) ranges—using a cost-effective and high-performance method?
A
Create a HA VPN between the two VPCs that includes the PUPI ranges in the Custom Route Advertisements of the Cloud Router. Create the necessary ingress VPC firewall rules that target the specific resources by using network tags as the source filter.
B
Create a HA VPN between the two VPCs that includes the PUPI ranges in the Custom Route Advertisements of the Cloud Router. Create the necessary ingress VPC firewall rules that target the specific resources by using IP ranges as the source filter.
C
Create a VPC Peering between the two VPCs that allows the export and import of custom routes. Create the necessary ingress VPC firewall rules that target the specific resources by using service accounts as the source filter.
D
Create a VPC Peering between the two VPCs that allows the export and import of subnet routes with public IP addresses. Create the necessary ingress VPC firewall rules that target the specific resources by using IP ranges as the source filter.
No comments yet.