Google Cloud Professional Cloud Network Engineer — Question 110
Your company has separate Virtual Private Cloud (VPC) networks in a single region for two departments: Sales and Finance. The Sales department's VPC network already has connectivity to on-premises locations using HA VPN, and you have confirmed that the subnet ranges do not overlap. You plan to peer both VPC networks to use the same HA tunnels for on-premises connectivity, while providing internet connectivity for the Google Cloud workloads through Cloud NAT. Internet access from the on-premises locations should not flow through Google Cloud. You need to propagate all routes between the Finance department and on-premises locations. What should you do?
Answer options
- A. Peer the two VPCs, and use the default configuration for the Cloud Routers.
- B. Peer the two VPCs, and use Cloud Router’s custom route advertisements to announce the peered VPC network ranges to the on-premises locations.
- C. Peer the two VPCs. Configure VPC Network Peering to export custom routes from Sales and import custom routes on Finance's VPC network. Use Cloud Router’s custom route advertisements to announce a default route to the on-premises locations.
- D. Peer the two VPCs. Configure VPC Network Peering to export custom routes from Sales and import custom routes on Finance's VPC network. Use Cloud Router’s custom route advertisements to announce the peered VPC network ranges to the on-premises locations.
Correct answer: D
Explanation
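The correct answer is D. Exporting custom routes from the Sales VPC network and importing them on the Finance VPC network gives Finance the routes to the on-premises locations that Sales learns over HA VPN. The Cloud Router custom route advertisements then announce the peered VPC network ranges to the on-premises locations, so routes propagate in both directions. Options A and B do not exchange custom routes over the peering, so they do not provide the route propagation the Finance department needs to reach the on-premises locations. Option C announces a default route instead of the peered VPC network ranges. It therefore does not give on-premises the ranges that are critical for the intended connectivity, and it conflicts with the requirement that internet access from the on-premises locations should not flow through Google Cloud.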