To enforce subnet-level isolation by routing traffic from instance-A (in one subnet) through a security appliance, instance-B (in another subnet), what should you do?

Options:
A. Create a more specific route than the system-generated subnet route, setting the next hop to instance-B without applying any tags.
B. Create a more specific route than the system-generated subnet route, setting the next hop to instance-B and applying a tag that matches instance-A.
C. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.

Exam-Like

Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.

25.0%

Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.

62.5%

Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.

0.0%

Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.

12.5%

Google Professional Cloud Network Engineer

Get started today

Comments