Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Google Exam Professional Cloud Network Engineer Topic 3 Question 83 Discussion

Actual exam question for Google's Professional Cloud Network Engineer exam
Question #: 83
Topic #: 3
[All Professional Cloud Network Engineer Questions]

You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible, To ease the transition, you decided to use the same architecture as your on-premises network' a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes. Each spoke does not have connectivity to the other spokes, and all traffic IS sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: D

The correct answer is D because it meets the following requirements:

It matches the hub-and-spoke model of the on-premises network, where each spoke is a separate VPC network that is connected to a central hub VPC network.

It minimizes management overhead and cost, because VPC Network Peering is a simple and low-cost way to connect VPC networks without using any external IP addresses or VPN gateways1.

It uses default networking quotas and limits, because VPC Network Peering does not consume any quota or limit for VPN tunnels, external IP addresses, or forwarding rules2.

It prevents connectivity between the spokes, because VPC Network Peering is non-transitive by default, meaning that a spoke can only communicate with the hub, not with other spokes1.To enforce this restriction, a third-party network appliance can be used as a default gateway in each spoke VPC network, which can filter out any traffic destined for other spokes3.

Option A is incorrect because it does not minimize cost, as Cloud VPN charges for egress traffic and requires external IP addresses for the VPN gateways4.Option B is incorrect because it does not prevent connectivity between the spokes, as VPC Network Peering allows direct communication between peered VPC networks by default1. Option C is incorrect because it does not minimize cost or use default quotas and limits, for the same reasons as option A.


VPC Network Peering overview | VPC

Quotas and limits | VPC

Hub-and-spoke network architecture | Cloud Architecture Center

Cloud VPN overview | Google Cloud

Contribute your Thoughts:

Arlette
6 months ago
Option C is the way to go, man. Gotta keep those spokes on a tight leash, ya know?
upvoted 0 times
Raul
5 months ago
Yeah, using a third-party network appliance as a default gateway is a smart move to prevent connectivity between the spokes.
upvoted 0 times
...
Felicitas
5 months ago
Option C is the way to go, man. Gotta keep those spokes on a tight leash, ya know?
upvoted 0 times
...
Magnolia
5 months ago
Yeah, using a third-party network appliance as a default gateway is a smart move to prevent connectivity between the spokes.
upvoted 0 times
...
Fabiola
5 months ago
Option C is the way to go, man. Gotta keep those spokes on a tight leash, ya know?
upvoted 0 times
...
Rozella
6 months ago
Definitely, it will help prevent connectivity between the spokes and maintain security.
upvoted 0 times
...
Timothy
6 months ago
Yeah, using a third-party network appliance as a default gateway sounds like a good idea.
upvoted 0 times
...
Trina
6 months ago
Option C is the way to go, man. Gotta keep those spokes on a tight leash, ya know?
upvoted 0 times
...
...
Shala
7 months ago
Ah, the classic hub-and-spoke dilemma. I'd go with Option B - VPC Network Peering is probably the easiest to manage.
upvoted 0 times
Vanna
6 months ago
I agree, VPC Network Peering seems like the most efficient option for this scenario.
upvoted 0 times
...
Augustine
6 months ago
Option B sounds like the best choice. It's simple and easy to manage.
upvoted 0 times
...
...
Lanie
7 months ago
Option D looks promising, but I wonder if the management overhead might be higher than expected with the third-party appliance.
upvoted 0 times
...
Sage
7 months ago
I think Option C is the way to go here. Using a third-party appliance as a default gateway is a clever way to prevent unwanted connectivity.
upvoted 0 times
...
Tamra
7 months ago
Option A seems the most straightforward, but I'm not sure if it'll be the most cost-effective in the long run.
upvoted 0 times
Barbra
5 months ago
B) Connect all the spokes to the hub with VPC Network Peering.
upvoted 0 times
...
Eden
5 months ago
A) Connect all the spokes to the hub with Cloud VPN.
upvoted 0 times
...
Augustine
6 months ago
B) Connect all the spokes to the hub with VPC Network Peering.
upvoted 0 times
...
Hyman
6 months ago
B) Connect all the spokes to the hub with VPC Network Peering.
upvoted 0 times
...
Salome
6 months ago
A) Connect all the spokes to the hub with Cloud VPN.
upvoted 0 times
...
Lisbeth
6 months ago
B) Connect all the spokes to the hub with VPC Network Peering.
upvoted 0 times
...
Hector
6 months ago
A) Connect all the spokes to the hub with Cloud VPN.
upvoted 0 times
...
Charlene
6 months ago
B) Connect all the spokes to the hub with VPC Network Peering.
upvoted 0 times
...
Avery
6 months ago
A) Connect all the spokes to the hub with Cloud VPN.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77