ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 32 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 32
Topic #: 1
[All Professional Cloud Network Engineer Questions]

You work for a multinational enterprise that is moving to GCP.
These are the cloud requirements:
"¢ An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary
HQ) and us-east4 (backup)
"¢ Multiple regional offices in Europe and APAC
"¢ Regional data processing is required in europe-west1 and australia-southeast1
"¢ Centralized Network Administration Team
Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering. You want to deploy the appliance in us- west1.
What should you do?

  • A. "¢ Create 2 VPCs in a Shared VPC Host Project. "¢ Configure a 2-NIC instance in zone us-west1-a in the Host Project. "¢ Attach NIC0 in VPC #1 us-west1 subnet of the Host Project. "¢ Attach NIC1 in VPC #2 us-west1 subnet of the Host Project. "¢ Deploy the instance. "¢ Configure the necessary routes and firewall rules to pass traffic through the instance.
  • B. "¢ Create 2 VPCs in a Shared VPC Host Project. "¢ Configure a 2-NIC instance in zone us-west1-a in the Service Project. "¢ Attach NIC0 in VPC #1 us-west1 subnet of the Host Project. "¢ Attach NIC1 in VPC #2 us-west1 subnet of the Host Project. "¢ Deploy the instance. "¢ Configure the necessary routes and firewall rules to pass traffic through the instance.
  • C. "¢ Create 1 VPC in a Shared VPC Host Project. "¢ Configure a 2-NIC instance in zone us-west1-a in the Host Project. "¢ Attach NIC0 in us-west1 subnet of the Host Project. "¢ Attach NIC1 in us-west1 subnet of the Host Project "¢ Deploy the instance. "¢ Configure the necessary routes and firewall rules to pass traffic through the instance.
  • D. "¢ Create 1 VPC in a Shared VPC Service Project. "¢ Configure a 2-NIC instance in zone us-west1-a in the Service Project. "¢ Attach NIC0 in us-west1 subnet of the Service Project. "¢ Attach NIC1 in us-west1 subnet of the Service Project "¢ Deploy the instance. "¢ Configure the necessary routes and firewall rules to pass traffic through the instance.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by ESP_SAP at Nov. 2, 2020, 4:28 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ESP_SAP
Highly Voted 4 years, 3 months ago
Correct Answer is (A): You cannot attach 2 NICs of same appliance to same VPC. The two NICs must be attached to different VPCs. It cant be C or D because you need 2 VPCs. https://cloud.google.com/vpc/docs/create-use-multiple-interfaces Each interface is attached to a different VPC network, giving that instance access to different VPC networks in Google Cloud Platform (GCP). You cannot attach multiple network interfaces to the same VPC network. It can't be B because you need to deploy the appliances in HOST Project to achieve CENTRALIZED NETWORK ADMINISTRATION
upvoted 33 times
AzureDP900
2 years, 2 months ago
Agreed
upvoted 1 times
...
walkwolf3
3 years, 1 month ago
Shared networks should be created in the host project, while shared instances should be created in the service project and connected to shared networks to communicated with other parties. Answer B is correct.
upvoted 1 times
...
seddy
3 years, 8 months ago
Yeah, but I believe the Centralized network Administration refers to 'Shared VPC' in general, not to creating the workload in the Host project. By creating a shared VPC, we are centralizing the networking aspect in the first place. Then, it's a best practice to separate the workload by creating the instance in the service project. So, I believe the answer should be B!
upvoted 6 times
BenMS
1 year, 1 month ago
It's my understanding that network equipment should always be implemented in the Host project of a Shared VPC. The fact this scenario is installing a compute instance is not relevant, as the purpose of that instance is to manage the network. Therefore A is the right answer.
upvoted 1 times
...
...
desertlotus1211
3 years, 1 month ago
You're mistaken VPC and VPC Networks. 'A project that participates in Shared VPC is either a host project or a service project: A host project contains one or more Shared VPC networks'... Each VPC Network has subnets.... The appliance NIC can attach to each subnet... The answers are misleading as it says 'VPC' do they mean VPC Network OR literally another VPC - which in any event is another set of network subnets... There is no need for TWO VPC Networks... therefore Answer is C. Thoughts?
upvoted 1 times
desertlotus1211
3 years, 1 month ago
Unless they refer to VPC as a subnet - which is dumb ;)
upvoted 1 times
...
...
...
saraali
Most Recent 5 months, 3 weeks ago
Selected Answer: A
The correct option is A. Because Shared VPC Host Project is the best approach for centralized network management and security policies. Here, the security appliance requires two network interfaces (NICs) for inspecting and filtering traffic between different VPCs or subnets. In this setup, you can create a 2-NIC instance in us-west1 (your primary region) in the Host Project. Each NIC is attached to a different VPC subnet within the Host Project, allowing traffic to be inspected as it flows between different subnets or VPCs. Now you will configure routes and firewall rules to ensure traffic flows through the appliance for L7 inspection before proceeding to the destination.
upvoted 1 times
...
Hetavi
1 year, 8 months ago
https://medium.com/google-cloud/google-cloud-shared-vpc-b33e0c9dd320 ....based on this answer is B , the VM to be configured in service project. The host project is used for routes and FW rules.
upvoted 1 times
...
pk349
2 years ago
A. "¢ Create 2 VPCs in a Shared VPC Host Project. "¢ Configure a 2-NIC instance in zone us-west1-a in the Host Project. "¢ Attach NIC0 in VPC #1 us-west1 subnet of the Host Project. "¢ Attach NIC1 in VPC #2 us-west1 subnet of the Host Project. "¢ Deploy the instance. "¢ Configure the necessary routes and firewall rules to pass traffic through the instance.
upvoted 1 times
...
desertlotus1211
2 years, 4 months ago
Answer is A: https://cloud.google.com/vpc/docs/multiple-interfaces-concepts#third-party
upvoted 2 times
...
GCP72
2 years, 5 months ago
Selected Answer: A
Correct Answer is A
upvoted 1 times
...
kapara
2 years, 7 months ago
Selected Answer: A
This explains why A is the correct answer : https://cloud.google.com/architecture/best-practices-vpc-design#multi-nic
upvoted 1 times
...
Luvero
3 years ago
A the appliance will be deployed in Host project and to have 2 NICs you need 2 VPCs here is an error if you deploy the appliance with both NICs on same VPC {"ResourceType":"compute.v1.instance","ResourceErrorCode":"INVALID_USAGE","ResourceErrorMessage":"Networks must be distinct for NICs attached to a VM."}
upvoted 1 times
...
kumarp6
3 years, 1 month ago
Answer is : A
upvoted 1 times
...
matmuh
3 years, 1 month ago
Answer is B. Why not option A? Because installing all projects on the shared vpc host project does not comply with google's best practices.
upvoted 2 times
gcpengineer
1 year, 5 months ago
how the traffic will traverse with service proj?
upvoted 1 times
...
...
densnoigaskogen
3 years, 8 months ago
C should be the answer. It's about using 3rd party appliances in a Shared VPC network scenario. "Centralized Anetwork Administration Team" indicates that we need to have contralised control for network resources( such as, subnets, routes, firewall rules), a single VPC in shared VPC Host project is the best choice of architecure. In a shared VPC network, we can create a VM with mulitple network interfaces attaching to different subnets, which represent different networks. Reference: https://cloud.google.com/vpc/docs/multiple-interfaces-concepts#third-party
upvoted 2 times
densnoigaskogen
3 years, 8 months ago
Reviewed the question again, my answer is wrong. A should be the answer. The reasons to create 2 VPCs in the shared VPC Host project can be: - meet the requirements of primary and backup redundancy for interconnect towards the Data centers in Oregon and New york. Each VPC should represent a On-prem Data Center. - each VM NIC needs to be attached to a VPC, as we can not attach multiple network interfaces of a VM to the same VPC network. B is not correct, because the L7 virutal application needs to be deployed in Host project to bridge between those 2 VPCs, so that it can inspects both traffic coming from interconnects (us-west1 and us-east4) and internet-based connections (Europe and APAC) Additonal ref: https://cloud.google.com/architecture/best-practices-vpc-design#single-host-project-multiple-service-projects-single-shared-vpc
upvoted 3 times
...
...
WakandaF
3 years, 9 months ago
So! will be A or B?
upvoted 1 times
...
Vidyasagar
3 years, 10 months ago
B is correct
upvoted 4 times
...
majun
4 years, 2 months ago
The correct answer should be B. In the shared VPC scenario, Host Project is the deployment of the VPC network, and Service Project is the deployment of the instance. https://cloud.google.com/vpc/docs/shared-vpc
upvoted 3 times
ThisisJohn
3 years, 2 months ago
Definitely, as Hybrid_Cloud_boy says, you can deploy instances into a host project, as per the example below: Stateful L7 firewall between VPC networks https://cloud.google.com/architecture/best-practices-vpc-design#l7
upvoted 1 times
...
Hybrid_Cloud_boy
4 years, 1 month ago
You can absolutely deploy instances into a host project - This is incorrect. A is the right answer.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel