Google Cloud Professional Cloud Architect — Question 94
You want to establish a Compute Engine application in a single VPC across two regions. The application must communicate over VPN to an on-premises network.
How should you deploy the VPN?
Answer options
- A. Use VPC Network Peering between the VPC and the on-premises network.
- B. Expose the VPC to the on-premises network using IAM and VPC Sharing.
- C. Create a global Cloud VPN Gateway with VPN tunnels from each region to the on-premises peer gateway.
- D. Deploy Cloud VPN Gateway in each region. Ensure that each region has at least one VPN tunnel to the on-premises peer gateway.
Correct answer: D
Explanation
The correct answer is D because deploying a Cloud VPN Gateway in each region provides redundancy and ensures continuous connectivity to the on-premises network. The other options are incorrect: VPC Network Peering (A) does not provide VPN capabilities, IAM and VPC Sharing (B) do not facilitate VPN connections, and a global Cloud VPN Gateway (C) is not suitable for regional deployments requiring direct tunnels.