Question-35: You are employed by Capgemini as a Senior Solution Architect, and you have decided to solve cloud-based Network designing by using the services of a networking consultant. Your firm is using Google Cloud for one of its projects, and it has three Virtual Private Clouds (VPCs). On each Virtual Private Cloud (VPC), there is an instance of Google Compute Engine. Subnets do not overlap one another and must be kept distinct at all times. The setup of the network is shown down below. The first instance, which is an exception, is required to interact directly with both instances two and three using their respective internal IP addresses. What steps should you take to complete this task?
A. Create a cloud router to advertise subnet #2 and subnet #3 to subnet #1.
B. Add two additional NICs to Instance #1 with the following configuration: “NIC1-VPC: VPC #2 -SUBNETWORK: subnet #2� NIC2 -VPC: VPC #3 - SUBNETWORK: subnet #3 Update firewall rules to enable traffic between instances.
C. Create two VPN tunnels via CloudVPN: “ 1 between VPC #1 and VPC #2. “1 between VPC #2 and VPC #3. Update firewall rules to enable traffic between the instances.
D. Peer all three VPCs: “ Peer VPC #1 with VPC #2. “ Peer VPC #2 with VPC #3. Update firewall rules to enable traffic between the instances.
Correct Answer
Get All 340 Questions and Answer for Google Professional Cloud Architect
: 2 Explanation: The requirement stipulates that only VM1 should be able to connect with VM2 and VM3, but that VM2 should not be able to communicate with VM3. We can rule out choice 4, as that choice would also make it possible for VM2 to communicate with VM3; if the quiz taker wanted to ensure that choice 4 was the correct response, he would only need to set up two peerings: one between VM1 and VM2, and another between VM1 and VM3, for each of the VPCs. Therefore, we can rule out choice 4. We are also able to rule out option c) since there is no relationship between VPC1 and VPC3. Choice 1 is not a viable option. Therefore, the only option that seems to be valid is Option 2, which states that the default firewall rules permit such a connection (maybe some restrictive rules are implemented - not enough details in the question to clarify that part). When an individual instance requires access to more than one VPC network, but you don't want to link both networks directly, use multiple network interfaces instead of directly connecting the networks.