GCP Professional Cloud Architect Practice Question
A retailer needs to extend two on-premises data centers to Google Cloud for development workloads that generate less than 200 Mbit/s of traffic. Traffic must be encrypted in transit, routes must be exchanged dynamically with the campuses' BGP-enabled routers, and the company wants an SLA of at least 99.9 percent with automatic failover between tunnels while keeping costs well below a private interconnect. Which connectivity design best meets the requirements?
Create a regional HA VPN gateway, establish two IPsec tunnels (one per interface) to the on-premises routers, and attach a Cloud Router to exchange routes with BGP.
Order Partner Interconnect with redundant VLAN attachments and use Cloud Router for BGP; enable IPSec tunnels on the on-premises routers only if encryption is later required.
Deploy Classic Cloud VPN with one policy-based IPsec tunnel to each data center and configure static routes on both sides.
Provision two 10 Gbps Dedicated Interconnect circuits in a link bundle to separate Google Cloud regions and rely on firewall rules for security.
HA VPN is the only Cloud VPN configuration that provides two redundant tunnels on separate interfaces, supports BGP through Cloud Router, encrypts all traffic with IPsec, and carries a 99.99 percent service-availability SLA when both tunnels are up. Classic Cloud VPN meets the encryption requirement but its 99.9 percent SLA and single-tunnel design fall short of the desired availability and fail-over behavior. Partner or Dedicated Interconnect deliver higher bandwidth but at a higher cost and do not provide built-in encryption; each would require additional IPsec devices. Therefore, an HA VPN gateway paired with Cloud Router is the most appropriate low-cost hybrid option that satisfies all stated constraints.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is HA VPN?
Open an interactive chat with Bash
How does BGP in Cloud Router work?
Open an interactive chat with Bash
Why is Classic Cloud VPN not preferred here?
Open an interactive chat with Bash
What is HA VPN in Google Cloud?
Open an interactive chat with Bash
What does BGP do in a Cloud Router setup?
Open an interactive chat with Bash
How do HA VPN and Classic VPN differ?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Managing and provisioning a solution infrastructure
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .