PROFESSIONAL-CLOUD-NETWORK-ENGINEER Question #73: Real Exam Question with Answer & Explanation

Question

You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command. Which next hop should you choose?

Options

• AThe default internet gateway
• BThe IP address of the Cloud VPN gateway
• CThe name and region of the Cloud VPN tunnel
• DThe IP address of the instance on the remote side of the VPN tunnel

Explanation

When creating a static route in GCP that directs traffic through a Cloud VPN tunnel, the correct next-hop to specify is the Cloud VPN tunnel itself, identified by its name and region (e.g., --next-hop-vpn-tunnel [TUNNEL_NAME] --next-hop-vpn-tunnel-region [REGION]). GCP routes traffic into the tunnel, which handles the IPsec encapsulation and forwards it to the on-premises peer. Option A (default internet gateway) routes traffic to the public internet, not through the VPN. Option B (Cloud VPN gateway IP) is not a valid next-hop type for static routes in GCP. Option D (remote instance IP) is not reachable directly as a next-hop from the GCP routing perspective - the tunnel is the gateway to the remote side.

No community discussion yet for this question.