Google Cloud Professional Cloud Network Engineer — Question 217

You are configuring an Application Load Balancer. The backend resides in your on-premises data center and is connected by Dedicated Interconnect. You need to ensure the load balancer can reference these on-premises resources. You do not want the traffic to traverse the internet at all. What should you do?

Answer options

• A. Configure an internet network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the proxy-only subnet.
• B. Configure a zonal network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the client source IPs.
• C. Configure a hybrid network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the proxy-only subnet.
• D. Configure a Private Service Connect network endpoint group (NEG) as a backend service as part of the load balancer. Ensure firewalls are opened for the client source IPs.

Correct answer: C

Explanation

The correct answer is C, as a hybrid network endpoint group (NEG) allows the load balancer to connect to on-premises resources over Dedicated Interconnect without routing traffic through the internet. Options A and B are incorrect because they use types of NEGs that are not suited for this scenario, and D is not applicable since Private Service Connect is not the right choice for direct on-premises connectivity.