Practice Test 3 | Google Cloud Certified Professional Cloud Network Engineer | Dumps | Mock Test
A hybrid connection has just been set up between GCP and your company’s on-premises network using Cloud VPN and Cloud Router. You try pinging a GCE instance in GCP from a VM on-premises, but the ping fails.
Which of the following could be a possible reason? Choose two.
A. A Cloud Armor security policy is denying the traffic.
B. There is no firewall rule to allow incoming ICMP traffic from the on-premises network.
C. The implied allow egress rule which permits outgoing ICMP traffic from your GCP network has been overridden.
D. There is no route in GCP to the on-premises network.
Answer: B & C
Option A is incorrect. Cloud Armor is used with the HTTPS load balancer and not Cloud VPN.
Option B is correct. An ingress firewall rule that allows ICMP (all traffic) from the on-premises network is needed.
Option C is correct. An egress firewall rule that allows ICMP (all traffic) to the on-premises network is needed.
Option D is incorrect. Using Cloud Router and Cloud VPN means routes are dynamically added to GCP and the on-premises router.
See https://cloud.google.com/network-connectivity/docs/vpn/support/troubleshooting for troubleshooting issues in Cloud VPN.