Topic 1 Question 71
You want to implement an IPSec tunnel between your on-premises network and a VPC via Cloud VPN. You need to restrict reachability over the tunnel to specific local subnets, and you do not have a device capable of speaking Border Gateway Protocol (BGP). Which routing option should you choose?
A. Dynamic routing using Cloud Router
B. Route-based routing using default traffic selectors
C. Policy-based routing using a custom local traffic selector
D. Policy-based routing using the default local traffic selector
Comments (14)
C is correct. A is incorrect because on-prem there is no BGP router.
👍 13 marekmatula2020 2020/11/09
- 👍 2 [Removed] 2022/03/01
- Selected answer: C
Policy-based routing allows you to selectively apply routing policies based on defined criteria, such as source address, destination address, or protocol. In this scenario, you need to restrict reachability over the tunnel to specific local subnets, and you do not have a device capable of speaking Border Gateway Protocol (BGP). Therefore, you can create a custom local traffic selector for the on-premises subnets you want to allow traffic for, and then apply a policy to route traffic to these subnets over the Cloud VPN tunnel. Dynamic routing using Cloud Router (option A) is not applicable in this scenario as you do not have a device capable of speaking BGP. Route-based routing using default traffic selectors (option B) is not suitable because it does not allow for selective routing based on specific local subnets. Policy-based routing using the default local traffic selector (option D) is also not suitable because it would allow all traffic to flow over the VPN tunnel.
👍 2 Komal697 2023/03/30
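Added example, not part of the original thread: a small Python model of how a tunnel's traffic selectors bound what can cross it, contrasting the default selector `0.0.0.0/0` with a custom local selector. All subnet ranges are constructed, and "local" is assumed to mean the ranges on the Cloud VPN gateway's side of the tunnel (the VPC subnets).

```python
import ipaddress

# Constructed sample ranges (assumptions, not from the question).
VPC_SUBNETS = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
ON_PREM = ["192.168.0.0/16"]          # remote traffic selector
DEFAULT_SELECTOR = ["0.0.0.0/0"]      # default local traffic selector
CUSTOM_LOCAL = ["10.10.1.0/24"]       # custom local traffic selector


def _nets(cidrs):
    """Parse CIDR strings, rejecting host bits set (e.g. 10.10.1.5/24)."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def reachable_subnets(vpc_subnets, local_selector):
    """VPC subnets fully covered by the tunnel's local traffic selector."""
    selector = _nets(local_selector)
    return [
        s for s in vpc_subnets
        if any(ipaddress.ip_network(s).subnet_of(n) for n in selector)
    ]


def tunnel_carries(src, dst, local_selector, remote_selector):
    """True if an on-prem -> VPC packet fits the negotiated selectors.

    dst must fall inside the local selector (VPC side) and src inside
    the remote selector (on-premises side); otherwise the packet is
    outside the tunnel's policy and is not carried.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    in_local = any(d in n for n in _nets(local_selector))
    in_remote = any(s in n for n in _nets(remote_selector))
    return in_local and in_remote


if __name__ == "__main__":
    for name, sel in (("default", DEFAULT_SELECTOR), ("custom", CUSTOM_LOCAL)):
        print(name, "local selector exposes:", reachable_subnets(VPC_SUBNETS, sel))
        for dst in ("10.10.1.7", "10.10.2.7"):
            ok = tunnel_carries("192.168.5.10", dst, sel, ON_PREM)
            print(f"  192.168.5.10 -> {dst}: {'carried' if ok else 'outside selector'}")
```
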