Topic 1 Question 44
In order to provide subnet level isolation, you want to force instance-A in one subnet to route through a security appliance, called instance-B, in another subnet. What should you do?
A. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with no tag.
B. Create a more specific route than the system-generated subnet route, pointing the next hop to instance-B with a tag applied to instance-A.
C. Delete the system-generated subnet route and create a specific route to instance-B with a tag applied to instance-A.
D. Move instance-B to another VPC and, using multi-NIC, connect instance-B's interface to instance-A's network. Configure the appropriate routes to force traffic through to instance-A.
Comments (17)
It is B for me: https://cloud.google.com/vpc/docs/routes#subnet-routes Custom static routes can apply to all instances or specific instances. Static routes with a tag attribute apply to instances that have that same network tag. If the route doesn't have a network tag, the route applies to all instances in the network.
👍 21gless 2020/12/14

The ANSWER should be D. You cannot put a third-party appliance (firewall) within a VPC; it has to be 2 separate VPCs, and with a multi-NIC VM this scenario is achievable.
👍 4LEGCPLele 2022/03/12

The answer is 200% D by elimination method. 1) It cannot be A or B because you are not allowed to create a more specific route than subnet route. 2) You are not allowed to remove a subnet route. The only way to do so is by deleting the subnet itself. Thus, by elimination the answer is D.
👍 3seddy 2021/05/13
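
The tag scoping quoted from the routes documentation in the first comment, modeled as an added example that is not part of the thread or of Google's code. It covers only custom static routes (tag applicability, then most specific destination, then lowest priority value); subnet routes are not modeled, and the route names, ranges and the `inspect` tag are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    name: str
    dest: str                       # destination CIDR
    next_hop: str
    priority: int = 1000            # lower value wins among equal prefixes
    tags: frozenset = frozenset()   # empty = applies to every instance

def applicable(route, instance_tags):
    """A tagged route applies only to instances carrying one of its tags."""
    return not route.tags or bool(route.tags & set(instance_tags))

def select_route(routes, instance_tags, dst_ip):
    """Route an instance would use: longest prefix first, then lowest priority."""
    ip = ipaddress.ip_address(dst_ip)
    candidates = [r for r in routes
                  if applicable(r, instance_tags)
                  and ip in ipaddress.ip_network(r.dest)]
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (-ipaddress.ip_network(r.dest).prefixlen, r.priority))

# Constructed sample route table (all names and ranges are assumptions).
ROUTES = [
    Route("default-internet", "0.0.0.0/0", "default-internet-gateway", 1000),
    Route("via-appliance", "0.0.0.0/0", "instance-b", 100, frozenset({"inspect"})),
    Route("partner-range", "198.51.100.0/24", "vpn-tunnel-1", 1000),
]

def next_hop(instance_tags, dst_ip):
    """Next hop for a destination, or None when no route applies."""
    route = select_route(ROUTES, instance_tags, dst_ip)
    return route.next_hop if route else None

if __name__ == "__main__":
    for label, tags in (("instance-A (tag: inspect)", {"inspect"}),
                        ("untagged VM", set())):
        for dst in ("203.0.113.10", "198.51.100.7"):
            print(f"{label:26} -> {dst:14} via {next_hop(tags, dst)}")
```

The 198.51.100.0/24 case is the one to look for when reviewing a real route table: an untagged, more specific route still carries the tagged instance's traffic past the appliance.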