
Answer-first summary for fast verification
Answer: Policy-based routing using a custom local traffic selector
The question requires restricting reachability over the VPN tunnel to specific local (Google Cloud) subnets without using BGP. Policy-based VPNs use traffic selectors to define which CIDR ranges are allowed through the tunnel. Option C (policy-based routing with a custom local traffic selector) lets you specify the exact local subnets, so only traffic from those subnets is permitted. Dynamic routing (A) requires BGP, which the on-premises device does not support. Route-based routing with default traffic selectors (B) uses 0.0.0.0/0, allowing all traffic. Policy-based routing with the default local traffic selector (D) also allows all local subnets, which does not meet the requirement. Thus, the correct choice is C.
Author: LeetQuiz Editorial Team
You need to establish an IPSec tunnel between your on-premises network and a VPC using Cloud VPN. The tunnel must limit reachability to specific local subnets, and your on-premises device does not support Border Gateway Protocol (BGP).
Which routing option should you select?
A. Dynamic routing using Cloud Router
B. Route-based routing using default traffic selectors
C. Policy-based routing using a custom local traffic selector
D. Policy-based routing using the default local traffic selector