Google Cloud Professional Cloud Network Engineer — Question 218
You are troubleshooting connectivity issues between Google Cloud and a public SaaS provider. Connectivity between the two environments is through the public internet. Your users are reporting intermittent connection errors when using TCP to connect; however, ICMP tests show no failures. According to users, errors occur around the same time every day. You want to troubleshoot and gather information by using Google Cloud tools that are most likely to provide insights into what is occurring within Google Cloud. What should you do?
Answer options
- A. Enable and review Cloud Logging for Cloud Armor. Look for logs with errors matching the destination IP address of the public SaaS provider.
- B. Enable and review Cloud Logging on your Cloud NAT gateway. Look for logs with errors matching the destination IP address of the public SaaS provider.
- C. Enable the Firewall Insights API. Set the deny rule insights observation period to one day. Review the insights to ensure there are no firewall rules denying traffic.
- D. Create a Connectivity Test by using TCP, the source IP address of your test VM, and the destination IP address of the public SaaS provider. Review the live data plane analysis and take the next steps based on the test results.
Correct answer: B
Explanation
The correct answer is B because enabling Cloud Logging on the Cloud NAT gateway lets you track outbound connections and identify issues with connectivity to the public SaaS provider. Options A and C are not relevant: they focus on Cloud Armor and firewall rules, which are less likely to be the cause of intermittent TCP issues. Option D is useful for testing connectivity, but it does not gather logs or insights from Google Cloud that could explain the intermittent errors experienced by users.
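The log review described in option B, as an added example that is not part of the original question: it filters Cloud NAT log entries for dropped TCP allocations to the SaaS destination and reports the hours of day in which they recur. The sample records, IP addresses and function names are constructed for illustration; the field names follow the Cloud NAT log record layout.

```python
from collections import defaultdict
from datetime import datetime

# Logging on the gateway can be limited to errors, for example:
#   gcloud compute routers nats update NAT_NAME --router=ROUTER_NAME \
#       --region=REGION --enable-logging --log-filter=ERRORS_ONLY
SAAS_IP = "203.0.113.10"  # assumed SaaS address (documentation range)

def entry(ts, dest_ip, status, protocol=6):
    """Build a constructed record shaped like a Cloud NAT log entry."""
    return {"timestamp": ts, "resource": {"type": "nat_gateway"},
            "jsonPayload": {"allocation_status": status,
                            "connection": {"src_ip": "10.0.0.5", "src_port": 40000,
                                           "dest_ip": dest_ip, "dest_port": 443,
                                           "protocol": protocol}}}

SAMPLE = [  # constructed data, not real logs
    entry("2024-05-01T02:00:11Z", SAAS_IP, "DROPPED"),
    entry("2024-05-01T02:03:40Z", SAAS_IP, "DROPPED"),
    entry("2024-05-01T09:15:00Z", SAAS_IP, "OK"),
    entry("2024-05-02T02:01:05Z", SAAS_IP, "DROPPED"),
    entry("2024-05-02T14:30:00Z", "198.51.100.7", "DROPPED"),
    entry("2024-05-03T02:04:59Z", SAAS_IP, "DROPPED"),
    entry("2024-05-03T11:00:00Z", SAAS_IP, "DROPPED"),
]

def drops_by_hour(entries, dest_ip, protocol=6):
    """Map UTC hour of day -> set of dates with DROPPED TCP allocations to dest_ip."""
    hours = defaultdict(set)
    for e in entries:
        payload = e.get("jsonPayload", {})
        conn = payload.get("connection", {})
        if (e.get("resource", {}).get("type") != "nat_gateway"
                or payload.get("allocation_status") != "DROPPED"
                or conn.get("dest_ip") != dest_ip
                or conn.get("protocol") != protocol):  # 6 = TCP
            continue
        # Timestamps are RFC 3339 in UTC; drop fractional seconds and the "Z".
        ts = datetime.strptime(e["timestamp"][:19], "%Y-%m-%dT%H:%M:%S")
        hours[ts.hour].add(ts.date())
    return dict(hours)

def recurring_hours(entries, dest_ip, min_days=2):
    """Hours of day in which drops to dest_ip occurred on at least min_days dates."""
    return sorted(h for h, days in drops_by_hour(entries, dest_ip).items()
                  if len(days) >= min_days)

if __name__ == "__main__":
    print(recurring_hours(SAMPLE, SAAS_IP))
```
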