Google Exam Professional Cloud Network Engineer Topic 8 Question 88 Discussion

Actual exam question for Google's Professional Cloud Network Engineer exam

Question #: 88
Topic #: 8

[All Professional Cloud Network Engineer Questions]

You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible, To ease the transition, you decided to use the same architecture as your on-premises network' a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes. Each spoke does not have connectivity to the other spokes, and all traffic IS sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits. What should you do?

AConnect all the spokes to the hub with Cloud VPN.

BConnect all the spokes to the hub with VPC Network Peering.

CConnect all the spokes to the hub With Cloud VPN. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes

DConnect all the spokes to the hub with VPC Network Peering. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.

Show Suggested Answer

Suggested Answer: D

The correct answer is D because it meets the following requirements:

It matches the hub-and-spoke model of the on-premises network, where each spoke is a separate VPC network that is connected to a central hub VPC network.

It minimizes management overhead and cost, because VPC Network Peering is a simple and low-cost way to connect VPC networks without using any external IP addresses or VPN gateways1.

It uses default networking quotas and limits, because VPC Network Peering does not consume any quota or limit for VPN tunnels, external IP addresses, or forwarding rules2.

It prevents connectivity between the spokes, because VPC Network Peering is non-transitive by default, meaning that a spoke can only communicate with the hub, not with other spokes1.To enforce this restriction, a third-party network appliance can be used as a default gateway in each spoke VPC network, which can filter out any traffic destined for other spokes3.

Option A is incorrect because it does not minimize cost, as Cloud VPN charges for egress traffic and requires external IP addresses for the VPN gateways4.Option B is incorrect because it does not prevent connectivity between the spokes, as VPC Network Peering allows direct communication between peered VPC networks by default1. Option C is incorrect because it does not minimize cost or use default quotas and limits, for the same reasons as option A.

VPC Network Peering overview | VPC

Quotas and limits | VPC

Hub-and-spoke network architecture | Cloud Architecture Center

Cloud VPN overview | Google Cloud

by Francis at Jul 15, 2024, 10:58 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Network Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Alexis

3 months ago

Option C is the way to go! Gotta love that third-party network appliance - it's like a bouncer for your cloud network, keeping the spokes in line.

upvoted 0 times

Erick

3 months ago

Definitely! It's important to maintain the same level of security in the cloud as in the on-premises network.

upvoted 0 times

...

Marylyn

3 months ago

Agreed! Using a third-party network appliance adds an extra layer of security to prevent unwanted connectivity between the spokes.

upvoted 0 times

...

Meaghan

3 months ago

Option C is the way to go! Gotta love that third-party network appliance - it's like a bouncer for your cloud network, keeping the spokes in line.

upvoted 0 times

...

Wilbert

3 months ago

Hmm, I'm torn between Option C and D. Both seem viable, but I think I'd lean towards D to minimize management overhead and stay within the default networking quotas.

upvoted 0 times

...

Letha

3 months ago

I'd go with Option D. VPC Network Peering is more cost-effective than VPN, and the third-party network appliance will ensure the same level of control as the on-premises setup.

upvoted 0 times

...

Reid

3 months ago

I see your point, maybe Cloud VPN is the way to go for this migration.

upvoted 0 times

...

Merlyn

3 months ago

Option C seems like the most straightforward solution to match the on-premises architecture. Using a third-party network appliance as a default gateway is a clever way to prevent connectivity between the spokes.

upvoted 0 times

Felicitas

3 months ago

Yes, it's crucial to ensure a smooth transition while keeping security a top priority.

upvoted 0 times

...

Amina

3 months ago

I agree, it's important to maintain the same security measures in the cloud migration.

upvoted 0 times

...

Margarita

3 months ago

Using a third-party network appliance as a default gateway is a clever way to prevent connectivity between the spokes.

upvoted 0 times

...

Gertude

3 months ago

Option C seems like the most straightforward solution to match the on-premises architecture.

upvoted 0 times

...

Samira

3 months ago

I agree with Shawnna, Cloud VPN seems like the most straightforward and cost-effective option.

upvoted 0 times

...

Shawnna

4 months ago

But with Cloud VPN, we can easily connect all the spokes without additional configuration.

upvoted 0 times

...

Reid

4 months ago

I disagree, I believe option B) Connect all the spokes to the hub with VPC Network Peering is the better choice.

upvoted 0 times

...

Shawnna

4 months ago

I think we should go with option A) Connect all the spokes to the hub with Cloud VPN.

upvoted 0 times

...