Google Cloud Professional Cloud Network Engineer — Question 111

You are maintaining a Shared VPC in a host project. Several departments within your company have infrastructure in different service projects attached to the Shared VPC and use Identity and Access Management (IAM) permissions to manage the cloud resources in those projects. VPC Network Peering is also set up between the Shared VPC and a common services VPC that is not in a service project. Several users are experiencing failed connectivity between certain instances in different Shared VPC service projects and between certain instances and the internet. You need to validate the network configuration to identify whether a misconfiguration is the root cause of the problem. What should you do?

Answer options

• A. Review the VPC audit logs in Cloud Logging for the affected instances.
• B. Use Secure Shell (SSH) to connect to the affected Compute Engine instances, and run a series of PING tests to the other affected endpoints and the 8.8.8.8 IPv4 address.
• C. Run Connectivity Tests from Network Intelligence Center to check connectivity between the affected endpoints in your network and the internet.
• D. Enable VPC Flow Logs for all VPCs, and review the logs in Cloud Logging for the affected instances.

Correct answer: C

Explanation

The correct answer is C because using Connectivity Tests from Network Intelligence Center provides a comprehensive analysis of the connectivity status between the specified endpoints and the internet. Option A is incorrect as audit logs do not directly indicate connectivity issues. Option B, while useful for basic connectivity checks, does not offer the detailed insights needed for troubleshooting. Option D can help with logging data but does not proactively identify the misconfiguration affecting connectivity.