ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 109 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 109
Topic #: 1
[All Professional Cloud Network Engineer Questions]

You recently deployed Compute Engine instances in regions us-west1 and us-east1 in a Virtual Private Cloud (VPC) with default routing configurations. Your company security policy mandates that virtual machines (VMs) must not have public IP addresses attached to them. You need to allow your instances to fetch updates from the internet while preventing external access. What should you do?

  • A. Create a Cloud NAT gateway and Cloud Router in both us-west1 and us-east1.
  • B. Create a single global Cloud NAT gateway and global Cloud Router in the VPC.
  • C. Change the instances’ network interface external IP address from None to Ephemeral.
  • D. Create a firewall rule that allows egress to destination 0.0.0.0/0.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by AzureDP900 at Nov. 30, 2022, 11:34 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ccieman2016
Highly Voted 2 years, 2 months ago
Selected Answer: A
100% sure for A: B) wrong, cloud nat is regional (https://cloud.google.com/nat/docs/overview#specifications) C) wrong, there's security policy this scenario block associate external IP D) no make sense, this is default setup, not necessary allow outbound rule.
upvoted 8 times
...
desertlotus1211
Most Recent 11 months, 2 weeks ago
Answer is A: https://cloud.google.com/nat/docs/gce-example#create-nat "You must create the Cloud Router in the same region as the instances that use Public NAT. Cloud Router is only used to place NAT information onto the VMs. It is not used as part of the actual NAT gateway."
upvoted 1 times
...
dragos_dragos62000
1 year ago
Selected Answer: A
Answer A!
upvoted 1 times
...
mcjim
1 year, 8 months ago
Selected Answer: A
Why do you need a cloud router here? Cloud NAT is correct, but I don't see any reason to include the router in the solution.
upvoted 1 times
kfietsam
1 year, 5 months ago
You configure a NAT gateway on a Cloud Router, which provides the control plane for NAT, holding configuration parameters that you specify https://cloud.google.com/nat/docs/overview
upvoted 1 times
...
...
pk349
2 years ago
• A. Create a Cloud NAT gateway and Cloud Router in both ***** us-west1 and us-east1. When you create a Cloud NAT gateway, you can choose to have the gateway automatically allocate regional external IP addresses. Alternatively, you can manually assign a fixed number of regional external IP addresses to the gateway. For details about each method, see NAT IP addresses.
upvoted 1 times
...
AzureDP900
2 years, 2 months ago
A is right https://youtu.be/bmaarG0IkH8 Please watch this video and understand how Cloud NAT works, It is regional
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel