Exam Professional Cloud Network Engineer topic 1 question 89 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 89
Topic #: 1

You are the network administrator responsible for hybrid connectivity at your organization. Your developer team wants to use Cloud SQL in the us-west1 region in your Shared VPC. You configured a Dedicated Interconnect connection and a Cloud Router in us-west1, and the connectivity between your Shared VPC and on-premises data center is working as expected. You just created the private services access connection required for Cloud SQL using the reserved IP address range and default settings. However, your developers cannot access the Cloud SQL instance from on-premises. You want to resolve the issue. What should you do?

  • A. 1. Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.
    2. Create a custom route advertisement in your Cloud Router to advertise the Cloud SQL IP address range.
  • B. 1. Change the VPC routing mode to global.
    2. Create a custom route advertisement in your Cloud Router to advertise the Cloud SQL IP address range.
  • C. 1. Create an additional Cloud Router in us-west2.
    2. Create a new Border Gateway Protocol (BGP) peering connection to your on-premises data center.
    3. Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.
  • D. 1. Change the VPC routing mode to global.
    2. Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.
Suggested Answer: A 🗳️

Comments

ccieman2016
Highly Voted 1 year, 11 months ago
Selected Answer: A
B and D are wrong; VPC routing mode global is the default, so it is not necessary to change it. C is wrong; an additional Cloud Router makes no sense. In my opinion, A is the sure answer.
upvoted 9 times
aygitci
9 months, 4 weeks ago
Not sure that VPC routing mode is global ...
upvoted 1 times
...
desertlotus1211
8 months, 1 week ago
How do you figure VPC peering is needed?
upvoted 1 times
desertlotus1211
8 months, 1 week ago
Never mind, I researched Private service connection. Indeed, it mentions VPC peering is done automatically for GCP services in the producer VPC.
upvoted 2 times
...
...
...
mohitms1996
Most Recent 1 month ago
Selected Answer: A
❌ B. Change VPC routing mode to global + advertise routes
Changing VPC routing mode to global is unnecessary because you are already in the same region (us-west1). The issue is route advertisement via VPC Peering, not VPC routing mode.

❌ C. Create an additional Cloud Router in us-west2 + BGP peering
There is no need to create another Cloud Router in a different region (us-west2) when everything is already in us-west1. BGP peering is already established with your current Cloud Router.

❌ D. Change VPC routing mode to global + modify peering
Changing the routing mode alone will not fix the issue. You still need to advertise the Cloud SQL IP range via Cloud Router, which this option does not mention.
upvoted 1 times
...
saraali
2 months, 2 weeks ago
Selected Answer: A
Correct Answer: Option A Reason: This option ensures that the routes for Cloud SQL are properly advertised to the on-premises network, allowing the developer team to access the Cloud SQL instance. The change to VPC routing mode is not required, but modifying the peering and enabling route import/export is the correct solution.
upvoted 2 times
...
Kyle1776
11 months ago
Selected Answer: B
Can someone explain to me where this question mentions VPC peering or more than one VPC for that matter? "You are the network administrator responsible for hybrid connectivity at your organization. Your developer team wants to use Cloud SQL in the us-west1 region in your Shared VPC. You configured a Dedicated Interconnect connection and a Cloud Router in us-west1, and the connectivity between your Shared VPC and on-premises data center is working as expected. You just created the private services access connection required for Cloud SQL using the reserved IP address range and default settings. However, your developers cannot access the Cloud SQL instance from on-premises. You want to resolve the issue. What should you do?" Going with B.
upvoted 2 times
Aenarion
3 months ago
When you create a Private Services Access connection, it establishes VPC Peering between your Shared VPC and the Google-managed services VPC (where Cloud SQL resides). By default, VPC Peering does NOT exchange routes automatically.
upvoted 2 times
...
...
gcpengineer
1 year, 2 months ago
Selected Answer: B
#B is the ans
upvoted 2 times
...
i_0_i
1 year, 2 months ago
A is correct. This question is about "Private services access and on-premises connectivity". See this link, https://cloud.google.com/vpc/docs/private-services-access#on-premises-connectivity

By default, on-premises hosts can't reach the service producer's network by using private services access. In the VPC network, you might have custom static or dynamic routes to correctly direct traffic to your on-premises network. However, the service producer's network doesn't contain those same routes. When you create a private connection, the VPC network and service producer network exchange subnet routes only. You must export the VPC network's custom routes so that the service provider's network can import them and correctly route traffic to your on-premises network. Update the VPC peering configuration associated with the private connection to export custom routes.

Then, https://cloud.google.com/vpc/docs/using-vpc-peering#update-peer-connection
Updating a peering connection can import and export custom routes.
upvoted 4 times
...
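An added example, not part of any comment above and not Google's own code: a small audit of the two settings this thread is arguing about, run over the JSON that `gcloud compute networks describe` and `gcloud compute routers describe` return with `--format=json`. The network, router and range values are constructed, and the check assumes advertisements are set at the router level rather than per BGP session.

```python
import ipaddress

# Peering name that private services access creates on the consumer VPC.
PSA_PEERING = "servicenetworking-googleapis-com"

def audit(network, router, psa_range):
    """Return findings that block on-prem -> Cloud SQL routing; [] means none."""
    findings = []
    target = ipaddress.ip_network(psa_range)
    # 1. The VPC must export its custom (on-prem) routes to the producer network.
    peering = next((p for p in network.get("peerings", [])
                    if p.get("name") == PSA_PEERING), None)
    if peering is None:
        findings.append("no private services access peering found")
    elif not peering.get("exportCustomRoutes", False):
        findings.append("peering does not export custom routes")
    # 2. Cloud Router must advertise the reserved range to the on-prem BGP peer.
    bgp = router.get("bgp", {})
    if bgp.get("advertiseMode", "DEFAULT") != "CUSTOM":
        findings.append("router advertisement mode is not CUSTOM")
    else:
        ranges = [ipaddress.ip_network(r["range"])
                  for r in bgp.get("advertisedIpRanges", [])]
        if not any(r.version == target.version and target.subnet_of(r)
                   for r in ranges):
            findings.append(f"{psa_range} is not in the advertised ranges")
    return findings

# Constructed sample data (hypothetical names and ranges), shaped like
# `gcloud compute networks describe` / `routers describe` --format=json output.
PSA_RANGE = "10.20.0.0/16"
NET_DEFAULT = {"name": "shared-vpc", "peerings": [
    {"name": PSA_PEERING, "exportCustomRoutes": False, "importCustomRoutes": False}]}
ROUTER_DEFAULT = {"name": "cr-us-west1", "bgp": {"asn": 65001}}
NET_FIXED = {"name": "shared-vpc", "peerings": [
    {"name": PSA_PEERING, "exportCustomRoutes": True, "importCustomRoutes": True}]}
ROUTER_FIXED = {"name": "cr-us-west1", "bgp": {
    "asn": 65001, "advertiseMode": "CUSTOM", "advertisedGroups": ["ALL_SUBNETS"],
    "advertisedIpRanges": [{"range": PSA_RANGE}]}}

if __name__ == "__main__":
    print("default:", audit(NET_DEFAULT, ROUTER_DEFAULT, PSA_RANGE))
    print("fixed:  ", audit(NET_FIXED, ROUTER_FIXED, PSA_RANGE))
```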
Laryoul
1 year, 5 months ago
Selected Answer: B
A and D are wrong for me. With private services access, the connection between consumer and producer uses VPC Network Peering. Because the connection between the consumer and the producer is made using VPC Network Peering, you don't need to import and export routes. Subnet routes that don't use privately used public IP addresses are always exchanged between peered VPC networks. I go with B because when I create a VPC the default routing mode is Regional. Don't you?
upvoted 3 times
...
Goram113
1 year, 9 months ago
Selected Answer: A
A. Here is a very similar case: https://cloud.google.com/database-migration/docs/mysql/configure-connectivity-vpns#dynamic-routes
upvoted 2 times
...
pk349
1 year, 9 months ago
• A. 1. Modify the VPC Network ***** Peering connection used for Cloud SQL, and enable the import and export of routes. 2. Create a custom route ***** advertisement in your Cloud Router to advertise the Cloud SQL IP address range.
upvoted 2 times
...
AzureDP900
1 year, 10 months ago
A is right https://cloud.google.com/network-connectivity/docs/router/concepts/overview#route-advertisement
upvoted 1 times
...
mshry
1 year, 10 months ago
In my opinion you do not have any control over the VPC peering for PSA. You will need to do a custom advert though, from your VPC onwards to on-premises.
upvoted 1 times
...
pfilourenco
1 year, 11 months ago
Selected Answer: A
A is correct.
upvoted 1 times
...
Community vote distribution: A (35%, Most Voted), C (25%), B (20%), Other