Google Cloud Professional Cloud Network Engineer — Question 153
Your company recently migrated to Google Cloud in a single region. You configured separate Virtual Private Cloud (VPC) networks for two departments: Department A and Department B. Department A has requested access to resources that are part of Department B's VPC. You need to configure the traffic from private IP addresses to flow between the VPCs using multi-NIC virtual machines (VMs) to meet security requirements. Your configuration also must:
• Support both TCP and UDP protocols
• Provide fully automated failover
• Include health checks
• Require minimal manual intervention in the client VMs
Which approach should you take?
Answer options
- A. Create the VMs in the same zone, and configure static routes with IP addresses as next hops.
- B. Create the VMs in different zones, and configure static routes with instance names as next hops.
- C. Create an instance template and a managed instance group. Configure a single internal load balancer, and define a custom static route with the internal TCP/UDP load balancer as the next hop.
- D. Create an instance template and a managed instance group. Configure two separate internal TCP/UDP load balancers for each protocol (TCP/UDP), and configure the client VMs to use the internal load balancers’ virtual IP addresses.
Correct answer: C
Explanation
The correct answer is C. An instance template and a managed instance group behind a single internal TCP/UDP load balancer provide automated failover and health checks. Defining the custom static route with that load balancer as its next hop also meets the requirement for minimal manual intervention in the client VMs, because traffic is steered by the VPC route rather than by per-VM configuration. Options A and B fail to address the need for load balancing and health checks. Option D complicates the setup by requiring two separate load balancers, which is unnecessary for the scenario presented.