Google Cloud Professional Cloud Network Engineer — Question 180
Your company's current network architecture has two VPCs that are connected by a dual-NIC instance that acts as a bump-in-the-wire firewall between the two VPCs. Flows between pairs of subnets across the two VPCs are working correctly. Suddenly, you receive an alert that none of the flows between the two VPCs are working anymore. You need to troubleshoot the problem. What should you do? (Choose two.)
Answer options
- A. Verify that a VPC Service Controls perimeter has not been enabled for the project that contains the two VPCs and the dual-NIC instance.
- B. Use Cloud Logging to verify that there were no modifications to the VPC firewall rules or policies that were applied to the two network interfaces of the dual-NIC instance.
- C. Verify that a public IP address has not been assigned to any network interface of the dual-NIC instance.
- D. Verify that the dual-NIC instance has the --can-ip-forward attribute enabled.
- E. Verify that the dual-NIC instance has not been added to a backend service.
Correct answer: B, D
Explanation
Option B is correct because a modification to the VPC firewall rules or policies applied to either network interface of the dual-NIC instance can stop flows that previously worked, and Cloud Logging is where to check whether such a change was made. Option D is also correct because the --can-ip-forward attribute must be enabled for the instance to route traffic properly; without IP forwarding, the instance cannot forward packets that are not addressed to itself. The other options either address unrelated concerns or are less likely to directly impact the flows between the VPCs.