Topic 1 Question 115
Your company has recently installed a Cloud VPN tunnel between your on-premises data center and your Google Cloud Virtual Private Cloud (VPC). You need to configure access to the Cloud Functions API for your on-premises servers. The configuration must meet the following requirements:
• Certain data must stay in the project where it is stored and not be exfiltrated to other projects.
• Traffic from servers in your data center with RFC 1918 addresses does not use the internet to access Google Cloud APIs.
• All DNS resolution must be done on-premises.
• The solution should only provide access to APIs that are compatible with VPC Service Controls.
What should you do?
A.
- Create an A record for private.googleapis.com using the 199.36.153.8/30 address range.
- Create a CNAME record for *.googleapis.com that points to the A record.
- Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.
- Remove the default internet gateway from the VPC where your Cloud VPN tunnel terminates.

B.
- Create an A record for restricted.googleapis.com using the 199.36.153.4/30 address range.
- Create a CNAME record for *.googleapis.com that points to the A record.
- Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.
- Configure your on-premises firewalls to allow traffic to the restricted.googleapis.com addresses.

C.
- Create an A record for restricted.googleapis.com using the 199.36.153.4/30 address range.
- Create a CNAME record for *.googleapis.com that points to the A record.
- Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.
- Remove the default internet gateway from the VPC where your Cloud VPN tunnel terminates.

D.
- Create an A record for private.googleapis.com using the 199.36.153.8/30 address range.
- Create a CNAME record for *.googleapis.com that points to the A record.
- Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record.
- Configure your on-premises firewalls to allow traffic to the private.googleapis.com addresses.
Comments (4)
- Selected answer: B
  B it is.
  👍 4 pfilourenco 2022/12/03
- B it is, as we need to allow traffic on the firewall on-prem. As well, we have to use restricted due to compatibility
  👍 3 playpacman 2022/12/02
- B is the right answer
  👍 2 AzureDP900 2022/12/11