Google Cloud Professional Cloud Network Engineer — Question 234

Your organization wants to deploy HA VPN over Cloud Interconnect to ensure encryption-in-transit over the Cloud Interconnect connections. You have created a Cloud Router and two VLAN attachments. The BGP sessions are operational. You need to complete the deployment of the HA VPN over Cloud Interconnect. What should you do?

Answer options

• A. Create an HA VPN gateway and associate the gateway with your two VLAN attachments. Use the existing Cloud Router for HA VPN, the peer VPN gateway resources, and the HA VPN tunnels.
• B. Create an HA VPN gateway and associate the gateway with your two VLAN attachments. Create a new Cloud Router for HA VPN, the peer VPN gateway resources, and the HA VPN tunnels.
• C. Enable MACsec on the VLAN attachments.
• D. Enable MACsec on Partner Cloud Interconnect.

Correct answer: B

Explanation

The correct answer is B because creating a new Cloud Router specifically for HA VPN ensures that all configurations are optimized for high availability. Option A incorrectly suggests using the existing Cloud Router, which may not be suitable for the HA VPN setup. Options C and D are irrelevant as they pertain to MACsec, which does not complete the HA VPN deployment.