Google Cloud Professional Cloud Network Engineer — Question 242
You are troubleshooting connectivity issues between Google Cloud and a public SaaS provider. The connectivity between the two environments is through the public internet. Your users are reporting intermittent connection errors when using TCP to connect; however, ICMP tests show no failures. According to users, errors occur around the same time every day. You want to troubleshoot and gather information by using Google Cloud tools that are most likely to provide insights into what is occurring within Google Cloud. What should you do?
Answer options
- A. Create a Connectivity Test. Review the results for configuration issues in the VPC routing table.
- B. Enable and review Cloud Logging for Cloud Armor. Look for logs with errors that match the destination IP address of the public SaaS provider.
- C. Enable and review Cloud Logging on your Cloud NAT Gateway. Look for logs with errors that match the destination IP address of the public SaaS provider.
- D. Enable the Firewall Insights API. Set the Deny rule insights observation period to one day. Review Insight results to ensure there are no firewall rules denying traffic.
Correct answer: C
Explanation
The correct answer is C because enabling Cloud Logging on the Cloud NAT Gateway allows you to capture detailed logs related to outbound traffic, which is essential for understanding the TCP connection issues your users are facing. Options A, B, and D do not specifically address the NAT Gateway's role in public internet connectivity, making them less relevant for troubleshooting this particular scenario.
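As an added example (not part of the original question or its explanation), the review step in option C can be scripted: filter exported Cloud NAT log entries for dropped TCP connections to the SaaS address and check whether they recur in the same hour on different days. It assumes entries exported one JSON object per line with UTC RFC 3339 timestamps; the sample entries, the placeholder address 203.0.113.10 and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: one JSON log entry per line, shaped like Cloud NAT
# log records. 203.0.113.10 is a placeholder for the SaaS provider's IP.
def _entry(ts, status, dest_ip, proto=6):
    return json.dumps({"timestamp": ts, "jsonPayload": {
        "allocation_status": status,
        "connection": {"src_ip": "10.0.0.5", "src_port": 40112,
                       "dest_ip": dest_ip, "dest_port": 443, "protocol": proto}}})

SAMPLE = [
    _entry("2024-05-01T02:00:03.120Z", "DROPPED", "203.0.113.10"),
    _entry("2024-05-01T02:00:04.480Z", "DROPPED", "203.0.113.10"),
    _entry("2024-05-01T09:15:00Z", "OK", "203.0.113.10"),
    _entry("2024-05-02T02:01:10Z", "DROPPED", "203.0.113.10"),
    _entry("2024-05-02T02:01:11Z", "DROPPED", "198.51.100.7"),   # other destination
    _entry("2024-05-02T14:30:00Z", "DROPPED", "203.0.113.10"),   # one-off drop
    _entry("2024-05-02T02:02:00Z", "DROPPED", "203.0.113.10", proto=17),  # UDP
    "not json",                                                   # malformed line
]

def drops_by_hour(lines, dest_ip, protocol=6):
    """Map UTC hour -> {date: dropped connection count} for one destination."""
    hours = defaultdict(lambda: defaultdict(int))
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip lines that are not JSON
        if not isinstance(entry, dict):
            continue
        payload = entry.get("jsonPayload") or {}
        conn = payload.get("connection") or {}
        if (payload.get("allocation_status") != "DROPPED"
                or conn.get("dest_ip") != dest_ip
                or conn.get("protocol") != protocol):  # 6 = TCP
            continue
        ts = str(entry.get("timestamp", ""))  # e.g. 2024-05-01T02:00:03Z
        if len(ts) >= 13 and ts[11:13].isdigit():
            hours[int(ts[11:13])][ts[:10]] += 1
    return {h: dict(d) for h, d in hours.items()}

def recurring_hours(lines, dest_ip, min_days=2):
    """Hours of day in which drops to dest_ip occurred on at least min_days dates."""
    return sorted(h for h, days in drops_by_hour(lines, dest_ip).items()
                  if len(days) >= min_days)

if __name__ == "__main__":
    print(recurring_hours(SAMPLE, "203.0.113.10"))
```

An hour that shows drops on several dates matches the users' report of errors at the same time every day and is the window to examine on the NAT gateway.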