Topic 1 Question 170
Select two
You are configuring your organization's Google Cloud environment to connect to your on-premises network, which does not support Border Gateway Protocol (BGP). Your on-premises network has 30 CIDR ranges that must be reachable from Google Cloud. Your VPN gateway creates a unique child security association (SA) per CIDR. You must ensure that the 30 CIDR ranges in your on-premises network are reachable from Google Cloud.
Following Google-recommended practices, which two methods can you use to accomplish this?
A. Create a single Cloud VPN tunnel that uses route-based VPN.
B. Create a single Cloud VPN tunnel that uses policy-based routing with 30 CIDRs as the remote traffic selectors.
C. Create multiple Cloud VPN tunnels that use policy-based routing so that each tunnel has one CIDR block for its local traffic selector and one CIDR block for its remote traffic selector. Connect each tunnel to unique peer IP addresses.
D. Create multiple Cloud VPN tunnels that use policy-based routing with 10 CIDR per tunnel as the remote traffic selectors.
E. Create multiple Cloud VPN tunnels that use policy-based routing so that each tunnel has one CIDR block for its local traffic selector and one CIDR block for its remote traffic selector. Connect each tunnel to the same peer IP address.
Comments (7)
- 👍 3 dev62 2024/02/26
- Selected answer: AC
The documentation points towards A+C: https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing?hl=en#route-alignment
For A: "Use a route-based VPN. Both traffic selectors are 0.0.0.0/0 by definition for route-based VPNs. You can create routes that are more specific than the traffic selectors."
For C: "Use policy-based routing to create multiple Cloud VPN tunnels so that each tunnel only has one CIDR block for its local traffic selector and one CIDR block for its remote traffic selector. (...) Your peer VPN gateway must offer separate external IP addresses to which each Cloud VPN tunnel can connect. Tunnels on the same Classic VPN gateway must connect to unique peer gateway IP addresses."
- 👍 3 Positron75 2024/04/08
- Selected answer: AC
The correct methods are options A and C.
- 👍 2 [Removed] 2024/02/08