Practice Test 1 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test
A social media company wants to deploy an Intrusion Detection and Prevention System (IDS/IPS) as part of its network in Google Cloud. The network will have a DMZ VPC and three other VPCs. The other three VPCs will have no direct link to the internet. All internet-bound traffic from the three VPCs must flow through the IDS/IPS appliance in the DMZ VPC to the internet.
What should you do?
A. Create a custom route in the DMZ VPC for internet-bound traffic that points to the IDS/IPS network interface
B. Create the IDS/IPS instance with four network interfaces, with one interface per VPC in the network
C. Create the IDS/IPS instance with three network interfaces, with one interface in each of the three VPCs in the network
D. Create a custom route, in each VPC except in the DMZ VPC, for internet-bound traffic that points to the IDS/IPS network interface
E. Delete the default route and create a custom route, in each VPC except in the DMZ VPC, for internet-bound traffic that points to the IDS/IPS network interface
Correct Answers: B and E
- Option A is incorrect. The DMZ VPC would have internet connectivity, so a custom route is not necessary.
- Option B is correct. The IDS/IPS instance will have multiple NICs. Each NIC should be placed in a separate VPC. There are 4 VPCs so the IDS/IPS needs to have 4 NICs.
- Option C is incorrect. The IDS/IPS instance will have multiple NICs. Each NIC should be placed in a separate VPC. There are 4 VPCs so the IDS/IPS needs to have 4 NICs.
- Option D is incorrect. Without deleting the default route, the three VPCs will still have direct internet access.
- Option E is correct. Each of the three VPCs needs a custom route for the destination 0.0.0.0/0 that has the NIC of the IDS/IPS as its next hop. Deleting the default route ensures that none of the three VPCs has direct internet access.
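An added example, not part of the original practice test: a Python audit over constructed route data, shaped like `gcloud compute routes list --format=json` output, that flags the Option D failure mode where a non-DMZ VPC keeps its default internet-gateway route. The VPC names, the `ids-ips` instance name and the use of `nextHopInstance` for the custom route are assumptions.

```python
import json

# Constructed sample shaped like `gcloud compute routes list --format=json`
# output; project, network and instance names are made up for illustration.
SAMPLE_ROUTES = json.loads("""
[
 {"name": "default-route-dmz", "network": "projects/p/global/networks/dmz",
  "destRange": "0.0.0.0/0", "priority": 1000,
  "nextHopGateway": "projects/p/global/gateways/default-internet-gateway"},
 {"name": "to-ips-app", "network": "projects/p/global/networks/app",
  "destRange": "0.0.0.0/0", "priority": 1000,
  "nextHopInstance": "projects/p/zones/z/instances/ids-ips"},
 {"name": "to-ips-db", "network": "projects/p/global/networks/db",
  "destRange": "0.0.0.0/0", "priority": 1000,
  "nextHopInstance": "projects/p/zones/z/instances/ids-ips"},
 {"name": "default-route-db", "network": "projects/p/global/networks/db",
  "destRange": "0.0.0.0/0", "priority": 1000,
  "nextHopGateway": "projects/p/global/gateways/default-internet-gateway"},
 {"name": "default-route-web", "network": "projects/p/global/networks/web",
  "destRange": "0.0.0.0/0", "priority": 1000,
  "nextHopGateway": "projects/p/global/gateways/default-internet-gateway"}
]
""")

def audit_spoke_routes(routes, spoke_vpcs, appliance):
    """Return {vpc: [findings]} for spoke VPCs whose 0.0.0.0/0 routing
    does not force traffic through the appliance."""
    findings = {vpc: [] for vpc in spoke_vpcs}
    for vpc in spoke_vpcs:
        defaults = [r for r in routes
                    if r["network"].rsplit("/", 1)[-1] == vpc
                    and r["destRange"] == "0.0.0.0/0"]
        direct = [r["name"] for r in defaults
                  if r.get("nextHopGateway", "").endswith("default-internet-gateway")]
        via_ips = [r for r in defaults
                   if r.get("nextHopInstance", "").rsplit("/", 1)[-1] == appliance]
        if direct:
            findings[vpc].append("direct internet route present: " + ", ".join(direct))
        if not via_ips:
            findings[vpc].append("no 0.0.0.0/0 route via " + appliance)
    return {vpc: f for vpc, f in findings.items() if f}

if __name__ == "__main__":
    for vpc, issues in audit_spoke_routes(SAMPLE_ROUTES, ["app", "db", "web"], "ids-ips").items():
        print(vpc, issues)
```

In the sample, `app` matches Option E, `db` matches Option D (custom route added but default route left in place), and `web` has neither change applied.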