PROFESSIONAL-CLOUD-NETWORK-ENGINEER Question #212: Real Exam Question with Answer & Explanation

Question

Your organization has resources in two different VPCs, each in different Google Cloud projects, which require connectivity between them. You have already determined that there is no IP address overlap; however, one VPC uses privately used public IP (PUPI) ranges. You would like to enable connectivity between these resources by using a lower cost and higher performance method. What should you do?

Options

• ACreate a HA VPN between the two VPCs that includes the PUPI ranges in the Custom Route
• BCreate a HA VPN between the two VPCs that includes the PUPI ranges in the Custom Route
• CCreate a VPC Peering between the two VPCs that allows the export and import of custom routes.
• DCreate a VPC Peering between the two VPCs that allows the export and import of subnet routes

Explanation

VPC Network Peering is the lower-cost, higher-performance alternative to HA VPN for inter-VPC connectivity within Google Cloud - it uses Google's internal network fabric without encryption overhead or VPN gateway costs. Since there is no IP address overlap, peering is viable. Privately used public IP (PUPI) ranges assigned directly to VPC subnets are treated as subnet routes (not custom routes). VPC Peering automatically exchanges subnet routes between peered VPCs, but for PUPI subnet routes to be advertised correctly across the peering, you must explicitly enable export and import of subnet routes that include those ranges. Option D correctly specifies subnet route export/import. Option C incorrectly specifies 'custom routes', which applies to static/dynamic routes, not subnet-level PUPI ranges. Options A and B describe HA VPN, which is more expensive and lower performance than peering for this use case.

No community discussion yet for this question.