Google Cloud Professional Cloud Network Engineer — Question 177
Your organization has resources in two different VPCs, each in different Google Cloud projects, which require connectivity between them. You have already determined that there is no IP address overlap; however, one VPC uses privately used public IP (PUPI) ranges. You would like to enable connectivity between these resources by using a lower cost and higher performance method. What should you do?
Answer options
- A. Create an HA VPN between the two VPCs that includes the PUPI ranges in the Custom Route Advertisements of the Cloud Router. Create the necessary ingress VPC firewall rules that target the specific resources by using network tags as the source filter.
- B. Create an HA VPN between the two VPCs that includes the PUPI ranges in the Custom Route Advertisements of the Cloud Router. Create the necessary ingress VPC firewall rules that target the specific resources by using IP ranges as the source filter.
- C. Create a VPC Peering between the two VPCs that allows the export and import of custom routes. Create the necessary ingress VPC firewall rules that target the specific resources by using service accounts as the source filter.
- D. Create a VPC Peering between the two VPCs that allows the export and import of subnet routes with public IP addresses. Create the necessary ingress VPC firewall rules that target the specific resources by using IP ranges as the source filter.
Correct answer: D
Explanation
The correct answer is D because VPC Peering is an efficient method for connecting VPCs and allows the exchange of subnet routes, including the subnet routes with public IP addresses that the PUPI ranges in this scenario require. Options A and B rely on HA VPN, which is typically more costly and less performant than VPC Peering for this scenario. Option C enables the export and import of custom routes, which does not address the public IP address routes needed for the connection.