Exam Professional Cloud Network Engineer topic 1 question 98 discussion

A and D no make sense for me, because Cloud NAT is manage service by GCP, adjusts theses especific parameter, non sense. B is wrong, you cannot adjust firewall rules. for me, letter C is correct.

Option C is correct because adding a default static route to the VPC with the default internet gateway as the next hop, the network tag associated with the Compute Engine instances, and a higher priority than the priority of the default route to the VPN tunnel, will ensure that the traffic from the Compute Engine instances that needs to reach the internet will go through the Cloud NAT gateway, which is the default internet gateway in this case.

According to a Google Cloud documentation, Cloud NAT allows VM instances without external IP addresses and private GKE clusters to send outbound packets to the internet and receive any corresponding established inbound response packets. However, Cloud NAT does not work if a VM has a route that directs its outbound traffic through a VPN tunnel. Therefore, the correct answer is C. Add a default static route to the VPC with the default internet gateway as the next hop, the network tag associated with the Compute Engine instances, and a higher priority than the priority of the default route to the VPN tunnel. This option allows you to override the default route that directs all traffic through the VPN tunnel for only those instances that have a specific network tag. This way, those instances can use Cloud NAT for their outbound traffic.

C should be the correct one

A. https://cloud.google.com/nat/docs/overview#specs-timeouts