GCP Professional Cloud Architect Practice Question
corp-vpc is a custom VPC with RFC-1918 subnets. A static route for 172.20.0.0/16 (priority 900, next hop firewall VM) already exists. After you connect the on-prem network 172.20.0.0/16 via Cloud VPN and Cloud Router (dynamic route priority 1000, next hop VPN tunnel), VM traffic to 172.20.10.5 still goes to the firewall, breaking connectivity. You must restore reachability without deleting the firewall VM or changing its IP. What should you do?
Delete the subnet routes for the firewall VM's interface so that only the VPN tunnel remains as a next hop.
Disable route advertisement on the Cloud Router and manually create a more specific /24 static route for 172.20.10.0/24 pointing to the VPN tunnel.
Increase the priority value of the existing static route to a number higher than 1000 so that the dynamically learned VPN route is preferred.
Convert the dynamically learned VPN route into a custom static route with the same priority of 1000 to override the firewall route.
Google Cloud first selects the route with the most specific prefix. Because both routes advertise 172.20.0.0/16, the prefix lengths tie. The next tiebreaker is the numeric priority, where lower numbers win. The existing static route's priority of 900 beats the dynamic VPN route's 1000, so packets are sent to the firewall VM. Raising the static route's priority to a value higher than 1000 (for example, 1100) causes the VPN route (still 1000) to become preferred, sending traffic through the tunnel. Deleting subnet routes or disabling advertisements would remove desired reachability, and creating a separate /24 static route adds unnecessary operational overhead. Converting the dynamic route to static does not change priority ordering. Adjusting the static route's priority, by deleting and recreating it, solves the problem while leaving the firewall VM untouched.
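The selection order described in the explanation can be checked against a route table before and after the change. The following is an added example, not part of the original question: it models only the two steps named above (longest prefix, then lowest priority value), and the route names and next-hop labels are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    name: str      # constructed label, not a real resource name
    dest: str      # destination CIDR
    priority: int  # lower value is preferred
    next_hop: str  # constructed next-hop label
    kind: str      # "static" or "dynamic"

def select_route(routes, dst_ip):
    """Return the winning route: longest matching prefix, then lowest priority value."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [r for r in routes if ip in ipaddress.ip_network(r.dest)]
    if not matches:
        return None
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r.dest).prefixlen, r.priority))

def shadowed_dynamic_routes(routes):
    """List (dynamic, static) name pairs where a static route with the same
    prefix and a lower priority value overrides a dynamically learned route."""
    pairs = []
    for d in (r for r in routes if r.kind == "dynamic"):
        for s in (r for r in routes if r.kind == "static"):
            same_prefix = ipaddress.ip_network(d.dest) == ipaddress.ip_network(s.dest)
            if same_prefix and s.priority < d.priority:
                pairs.append((d.name, s.name))
    return pairs

# Constructed route tables mirroring the scenario in the question.
VPN = Route("vpn-learned", "172.20.0.0/16", 1000, "vpn-tunnel", "dynamic")
BEFORE = [Route("to-firewall", "172.20.0.0/16", 900, "firewall-vm", "static"), VPN]
AFTER = [Route("to-firewall", "172.20.0.0/16", 1100, "firewall-vm", "static"), VPN]

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        winner = select_route(table, "172.20.10.5")
        print(label, "->", winner.next_hop, "| shadowed:", shadowed_dynamic_routes(table))
```

Running the shadowing check over an exported route list is a quick way to spot a static route that silently overrides a learned route after a new VPN or Interconnect attachment comes up.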
GCP Professional Cloud Architect
Designing and planning a cloud solution architecture