GCP Professional Cloud Architect Practice Question
A retail company runs core services in an Amazon VPC (10.10.0.0/16) and is deploying new microservices in a Google Cloud VPC (10.20.0.0/16). They have two weeks to create private connectivity between the clouds, must use only the public internet for transport, want automatic exchange of new subnet routes on both sides, and the business requires a 99.99% availability SLA for the link. Which Google Cloud networking design best meets these requirements?
Deploy a single HA VPN gateway in one Google Cloud region with two interfaces in separate zones, establish two IPsec tunnels to an AWS Transit Gateway VPN attachment, and enable BGP routing with Cloud Router.
Provision a 10 Gbps Dedicated Interconnect circuit to an AWS Direct Connect location and connect the two VPCs using Private Service Connect endpoints.
Create one Classic Cloud VPN tunnel from the Google Cloud VPC to an AWS Virtual Private Gateway and configure static routes for all current CIDR blocks.
Set up VPC Network Peering between the Google Cloud VPC and the Amazon VPC and add a Cloud NAT gateway in Google Cloud for bidirectional traffic.
The only Google Cloud option that both reaches a non-Google cloud over the public internet and carries a 99.99% SLA is an HA VPN gateway configured with at least two active tunnels that use BGP. HA VPN uses Cloud Router to exchange routes dynamically, so new subnets that are added in either environment are learned automatically. Classic Cloud VPN is limited to a 99.9% SLA and requires static routes unless you add separate BGP tunnels, while VPC Network Peering works only between Google Cloud VPCs. Dedicated Interconnect and Private Service Connect cannot terminate directly into AWS and would require additional cross-connect providers, which violates the constraint of using only the public internet. Cloud NAT provides outbound translation only and does not create bidirectional private connectivity.
GCP Professional Cloud Architect
Managing and provisioning a solution infrastructure