Google Cloud Professional Cloud Network Engineer — Question 157

You are a network administrator at your company planning a migration to Google Cloud and you need to finish the migration as quickly as possible. To ease the transition, you decided to use the same architecture as your on-premises network: a hub-and-spoke model. Your on-premises architecture consists of over 50 spokes. Each spoke does not have connectivity to the other spokes, and all traffic is sent through the hub for security reasons. You need to ensure that the Google Cloud architecture matches your on-premises architecture. You want to implement a solution that minimizes management overhead and cost, and uses default networking quotas and limits. What should you do?

Answer options

• A. Connect all the spokes to the hub with Cloud VPN.
• B. Connect all the spokes to the hub with VPC Network Peering.
• C. Connect all the spokes to the hub with Cloud VPN. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.
• D. Connect all the spokes to the hub with VPC Network Peering. Use a third-party network appliance as a default gateway to prevent connectivity between the spokes.

Correct answer: C

Explanation

The correct answer is C because using Cloud VPN allows for secure connections between the spokes and the hub while maintaining isolation among the spokes through a third-party appliance. Options A and B do not provide the necessary isolation between spokes, and D, although it uses VPC Network Peering, would not meet the requirement for the default networking structure and isolation needed for security.