Google Cloud Professional Cloud Network Engineer — Question 199

Your organization wants to deploy HA VPN over Cloud Interconnect to ensure encryption-in-transit over the Cloud Interconnect connections. You have created a Cloud Router and two encrypted VLAN attachments that have a 5 Gbps capacity and a BGP configuration. The BGP sessions are operational. You need to complete the deployment of the HA VPN over Cloud Interconnect. What should you do?

Answer options

• A. Create an HA VPN gateway and associate the gateway with your two encrypted VLAN attachments. Configure the HA VPN Cloud Router, peer VPN gateway resources, and HA VPN tunnels. Use the same encrypted Cloud Router used for the Cloud Interconnect tier.
• B. Enable MACsec on Partner Interconnect.
• C. Enable MACsec for Cloud Interconnect on the VLAN attachments.
• D. Create an HA VPN gateway and associate the gateway with your two encrypted VLAN attachments. Create a new dedicated HA VPN Cloud Router, peer VPN gateway resources, and HA VPN tunnels.

Correct answer: D

Explanation

The correct answer is D because it specifies creating a new dedicated HA VPN Cloud Router, which is necessary for effective HA VPN deployment. Option A is incorrect as it suggests using the existing Cloud Router, which may not support the HA VPN configuration. Options B and C are not relevant to the process of setting up HA VPN over Cloud Interconnect.