
Explanation:
The question requires restricting reachability over the VPN tunnel to specific local (Google Cloud) subnets without using BGP. Policy-based VPNs use traffic selectors to define which CIDR ranges are allowed through the tunnel. Option C (policy-based routing with a custom local traffic selector) lets you specify the exact local subnets, so only traffic from those subnets is permitted. Dynamic routing (A) requires BGP, which the on-premises device does not support. Route-based routing with default traffic selectors (B) uses 0.0.0.0/0, allowing all traffic. Policy-based routing with the default local traffic selector (D) also allows all local subnets, which does not meet the requirement. Thus, the correct choice is C.
You need to establish an IPsec tunnel between your on-premises network and a VPC using Cloud VPN. The tunnel must limit reachability to specific local subnets, and your on-premises device does not support Border Gateway Protocol (BGP).
Which routing option should you select?
A. Dynamic routing using Cloud Router
B. Route-based routing using default traffic selectors
C. Policy-based routing using a custom local traffic selector
D. Policy-based routing using the default local traffic selector