ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 118 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 118
Topic #: 1
[All Professional Cloud Security Engineer Questions]

You need to set up two network segments: one with an untrusted subnet and the other with a trusted subnet. You want to configure a virtual appliance such as a next-generation firewall (NGFW) to inspect all traffic between the two network segments. How should you design the network to inspect the traffic?

  • A. 1. Set up one VPC with two subnets: one trusted and the other untrusted. 2. Configure a custom route for all traffic (0.0.0.0/0) pointed to the virtual appliance.
  • B. 1. Set up one VPC with two subnets: one trusted and the other untrusted. 2. Configure a custom route for all RFC1918 subnets pointed to the virtual appliance.
  • C. 1. Set up two VPC networks: one trusted and the other untrusted, and peer them together. 2. Configure a custom route on each network pointed to the virtual appliance.
  • D. 1. Set up two VPC networks: one trusted and the other untrusted. 2. Configure a virtual appliance using multiple network interfaces, with each interface connected to one of the VPC networks.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by mouchu at May 18, 2022, 6:54 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mouchu
Highly Voted 2 years, 2 months ago
Answer = D Multiple network interfaces. The simplest way to connect multiple VPC networks through a virtual appliance is by using multiple network interfaces, with each interface connecting to one of the VPC networks. Internet and on-premises connectivity is provided over one or two separate network interfaces. With many NGFW products, internet connectivity is connected through an interface marked as untrusted in the NGFW software.
upvoted 11 times
mT3
2 years, 2 months ago
Agreed. Ref: For Cisco Firepower Threat Defense Virtual: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/gcp/ftdv-gcp-gsg/ftdv-gcp-intro.html
upvoted 2 times
AzureDP900
1 year, 9 months ago
Agree D. 1. Set up two VPC networks: one trusted and the other untrusted. 2. Configure a virtual appliance using multiple network interfaces, with each interface connected to one of the VPC networks.
upvoted 2 times
...
...
...
mikesp
Highly Voted 2 years, 2 months ago
Selected Answer: D
https://cloud.google.com/architecture/best-practices-vpc-design This architecture has multiple VPC networks that are bridged by an L7 next-generation firewall (NGFW) appliance, which functions as a multi-NIC bridge between VPC networks.
upvoted 5 times
...
rsamant
Most Recent 8 months ago
A, we need to define routing to divert all traffic through the network appliance https://cloud.google.com/architecture/architecture-centralized-network-appliances-on-google-cloud
upvoted 1 times
rsamant
8 months ago
no, B is the correct answer Use routing. In this approach, Google Cloud routes direct the traffic to the virtual appliances from the connected VPC networks
upvoted 1 times
...
...
desertlotus1211
11 months ago
I'm not sure id Answer D is the 'most' correct answer.... The subnet already exists... it didn't ask for a redesign.
upvoted 2 times
desertlotus1211
11 months ago
After reading again - the question is in fact asking to design the A network with those subnets... Answer D is correct. Sorry about that
upvoted 2 times
...
...
blacortik
11 months ago
Selected Answer: D
D, specifically addresses the design of using two VPC networks and connecting a virtual appliance (NGFW) with multiple interfaces, each connected to a different VPC network. This design allows the appliance to inspect and control the traffic between the trusted and untrusted segments effectively.
upvoted 2 times
...
zellck
1 year, 10 months ago
Selected Answer: D
D is the answer. https://cloud.google.com/architecture/best-practices-vpc-design#l7 This architecture has multiple VPC networks that are bridged by an L7 next-generation firewall (NGFW) appliance, which functions as a multi-NIC bridge between VPC networks. An untrusted, outside VPC network is introduced to terminate hybrid interconnects and internet-based connections that terminate on the outside leg of the L7 NGFW for inspection. There are many variations on this design, but the key principle is to filter traffic through the firewall before the traffic reaches trusted VPC networks.
upvoted 4 times
...
badrik
2 years, 1 month ago
Selected Answer: B
B , 100% !
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel