Topic 1 Question 42
You want to configure a NAT to perform address translation between your on-premises network blocks and GCP. Which NAT solution should you use?
A. Cloud NAT
B. An instance with IP forwarding enabled
C. An instance configured with iptables DNAT rules
D. An instance configured with iptables SNAT rules
Explanation
Reference: https://cloud.google.com/nat/docs/overview
Comments (17)
It couldn't be A, because Cloud NAT is just an outbound NAT and cannot DNAT the unsolicited incoming traffic from On-Prem to GCP. In order to intercept, translate and forward an incoming session into GCP we need to provide additional DNAT rules on an intermediate GCP instance. So the answer will be C I guess.
👍 20 rezavage 2020/10/01
The question is vague. It says 'between on-premise and GCP' BUT it doesn't tell you the direction - who is the source and who is the destination. It could be either one! BUT this is a GCP test - why should we need to know about on-premise issues? [just being devil's advocate].
Answer A seems 'more' right.
The likelihood GCP would need something from on-premise is possible - such as patches/updates/etc...
This is probably what the question's asking as well as in this video:
https://www.youtube.com/watch?v=bmaarG0IkH8 Listen at about the 1 min mark.
Answer is A...
👍 4 desertlotus1211 2021/12/28
- Answer I think is correct: A
It is not said that it is a VPN connection, so we must assume it is traffic between public IPs. GCP recommends using Cloud NAT. Even if we go with an instance machine we need to reserve a public IP, enable IP forwarding (b) AND make SNAT for egress connections in iptables (c) AND make DNAT for ingress connections (d). The question sounds like bidirectional communication. Why can it not be VPN? Because prefixes and routes are configured on Cloud Router. It is not even possible to bind Cloud NAT and Router together with VPN. It is A or B, C, D (all 3, because it acts like a reverse proxy)
👍 4 lxs 2022/02/04