Answer-first summary for fast verification
Answer: Configure a hybrid network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the proxy-only subnet.
To reference on-premises resources connected via Dedicated Interconnect without internet traversal, a hybrid network endpoint group (NEG) must be used. Hybrid NEGs are designed for backends outside GCP, such as on-premises systems connected via VPN or Interconnect. The Application Load Balancer (ALB) uses Envoy proxies in a proxy-only subnet to forward traffic to the on-premises backend. Therefore, the on-premises firewalls must allow traffic originating from the proxy-only subnet's IP range. Options A and B are incorrect because internet/zonal NEGs are for public or zonal GCP resources. Option D is for Private Service Connect, which is unrelated to on-premises backends.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are setting up an Application Load Balancer with backend services located in your on-premises data center, connected via Dedicated Interconnect. To allow the load balancer to reference these on-premises resources without any internet traffic traversal, what should you do?
A
Configure an internet network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the proxy-only subnet.
B
Configure a zonal network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the client source IPs.
C
Configure a hybrid network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the proxy-only subnet.
D
Configure a Private Service Connect network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the client source IPs.
No comments yet.