Google Cloud Network Engineer Exam: Deploying Virtual Inline Security Appliance in us-west1


Question

You work for a multinational enterprise that is moving to GCP.

These are the cloud requirements:

  • An on-premises data center located in the United States in Oregon and New York with Dedicated Interconnects connected to Cloud regions us-west1 (primary HQ) and us-east4 (backup)
  • Multiple regional offices in Europe and APAC
  • Regional data processing is required in europe-west1 and australia-southeast1
  • Centralized Network Administration Team

Your security and compliance team requires a virtual inline security appliance to perform L7 inspection for URL filtering.

You want to deploy the appliance in us-west1.

What should you do?


The correct answer for this question is option A.

Explanation:

To deploy the virtual inline security appliance in us-west1, we need to create two VPCs in a Shared VPC Host Project. The reason for creating a shared VPC is to enable the centralized Network Administration Team to manage network resources across different projects and VPCs. The two VPCs will be used to separate traffic between the primary HQ in us-west1 and the backup location in us-east4.

The steps to deploy the virtual inline security appliance are as follows:

  1. Create two VPCs in a Shared VPC Host Project:
  • The first VPC will be used for the primary HQ in us-west1, and the second VPC will be used for the backup location in us-east4.
  • The VPCs should be created in the Shared VPC Host Project, which will be used to manage all network resources.
  • The VPCs should be configured with subnets in the us-west1 and us-east4 regions, respectively.
  2. Configure a 2-NIC instance in zone us-west1-a in the Host Project:
  • The 2-NIC instance will be used to host the virtual inline security appliance.
  • The instance should be configured with two network interfaces (NICs), one for each VPC.
  • The instance should be deployed in the us-west1 region, in zone us-west1-a.
  3. Attach NIC0 in VPC #1 us-west1 subnet of the Host Project:
  • NIC0 should be attached to the first VPC, which will be used for the primary HQ in us-west1.
  • NIC0 should be attached to a subnet in the us-west1 region.
  4. Attach NIC1 in VPC #2 us-west1 subnet of the Host Project:
  • NIC1 should be attached to the second VPC, which will be used for the backup location in us-east4.
  • NIC1 should be attached to a subnet in the us-east4 region.
  5. Deploy the instance:
  • Once the instance is properly configured, it can be deployed in the us-west1 region.
  6. Configure the necessary routes and firewall rules to pass traffic through the instance:
  • To pass traffic through the instance, we need to configure routes and firewall rules that allow traffic to flow between the VPCs and the virtual inline security appliance.
  • This can be done by creating appropriate routes and firewall rules in the Host Project.
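
The six steps above as a gcloud script, added here as an example and not part of the original explanation. The project ID, resource names, network tags, CIDR ranges, ports and route priority are constructed placeholders; both NICs attach to us-west1 subnets, as the step headings state, because every interface of a Compute Engine instance must use a subnet in the instance's own region. The script only prints the commands unless `DRY_RUN=0` is set.

```shell
# Added example: all names, tags, ranges and the project ID are placeholders.
# The appliance boot image is vendor-specific and is left out here.
HOST_PROJECT="${HOST_PROJECT:-host-project-id}"
REGION=us-west1; ZONE=us-west1-a; VM=inline-appliance

# Dry run by default: print each gcloud command instead of executing it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

deploy_inline_appliance() {
  # Step 1: Shared VPC host project with two custom-mode VPCs.
  run gcloud compute shared-vpc enable "$HOST_PROJECT"
  for n in 1 2; do
    run gcloud compute networks create "vpc$n" --project="$HOST_PROJECT" \
      --subnet-mode=custom
    # One us-west1 subnet per VPC, the region where the instance runs.
    run gcloud compute networks subnets create "vpc$n-$REGION" \
      --project="$HOST_PROJECT" --network="vpc$n" --region="$REGION" \
      --range="10.$n.0.0/24"
  done
  # Steps 2-5: one instance in us-west1-a, NIC0 in VPC #1, NIC1 in VPC #2.
  # --can-ip-forward lets it pass packets not addressed to itself.
  run gcloud compute instances create "$VM" --project="$HOST_PROJECT" \
    --zone="$ZONE" --can-ip-forward --tags=appliance \
    --network-interface="subnet=vpc1-$REGION,no-address" \
    --network-interface="subnet=vpc2-$REGION,no-address"
  # Step 6: steer tagged workloads in VPC #1 through the appliance. The
  # route tag keeps the route from applying to the appliance itself.
  run gcloud compute routes create via-appliance --project="$HOST_PROJECT" \
    --network=vpc1 --destination-range=0.0.0.0/0 --priority=900 \
    --tags=inspected --next-hop-instance="$VM" \
    --next-hop-instance-zone="$ZONE"
  # Step 6: allow only web traffic from those workloads to reach NIC0.
  run gcloud compute firewall-rules create vpc1-to-appliance \
    --project="$HOST_PROJECT" --network=vpc1 --direction=INGRESS \
    --action=ALLOW --rules=tcp:80,tcp:443 \
    --source-tags=inspected --target-tags=appliance
}

deploy_inline_appliance
```

Review the printed plan first; a missing `--can-ip-forward` or a NIC subnet outside us-west1 is the usual reason traffic never reaches the appliance.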

Option B is incorrect because the instance should be deployed in the Host Project, not the Service Project.

Option C is incorrect because we need two VPCs to separate traffic between the primary HQ and backup location.

Option D is incorrect because we need two VPCs to separate traffic between the primary HQ and backup location.