You are responsible for connectivity between AWS.

Google Professional-Cloud-Network-Engineer Full Course Access

Google Professional-Cloud-Network-Engineer View All Questions

Google Professional-Cloud-Network-Engineer Question Answer

You are responsible for connectivity between AWS. Google Cloud, and an on-premises data center. Soon, the application team will deploy a data replication service that will move approximately 900 TB of data between Google Cloud and AWS daily. This data is sensitive and must be encrypted in transit. Your data center already has connections to both AWS and Google Cloud through 10 Gbps circuits. You need to configure additional connectivity between these environments and ensure the highest performance and lowest latency to meet business requirements. You also need to keep the existing connectivity topology to the on-premises data center the same. What should you do?

(Q) • Deploy Cross-Cloud Interconnect connections between AWS and Google Cloud with 100 Gbps circuits.

• Create VLAN attachments in your VPC, configuring IPsec encryption on both sides of the connection.

• Use Cloud Router and BGP to exchange dynamic routes between AWS and Google Cloud.

Q • Deploy Dedicated Interconnect connections between Google Cloud and your on-premises data center with 100 Gbps circuits from Google Cloud to your on-premises data center.

• Deploy an AWS Direct Connect 100 Gbps circuit from AWS to your on-premises data center.

• Create VLAN attachments in your VPC, configuring IPsec encryption on both sides of the connection.

• Use Cloud Router and BGP to exchange dynamic routes between

Q • Deploy Dedicated Interconnect connections between Google Cloud and your on-premises data center with 100 Gbps circuits.

• Deploy an AWS Direct Connect 100 Gbps circuit from AWS to your on-premises data center as well.

• Create VLAN attachments in your VPC.

• Use Cloud Router and BGP to exchange dynamic routes between AWS, Google Cloud, and the on-premises data center.

• Remove the obsolete 10 Gbps circuits on Goo

Q • Deploy Cross-Cloud Interconnect connections between AWS and Google Cloud with 100 Gbps circuits.

• Enable MACsec for Cloud Interconnect on the circuits, and create VLAN attachments in your VPC.

• Use Cloud Router and BGP to exchange dynamic routes between AWS and Google Cloud.

Explanation:

The core requirement is to move a massive amount of sensitive data (900 TB daily) directly between Google Cloud and AWS with highest performance, lowest latency, and in-transit encryption, while maintaining existing on-premises connectivity.

Option A directly addresses this by recommending Cross-Cloud Interconnect with 100 Gbps circuits between AWS and Google Cloud. Cross-Cloud Interconnect is designed for high-throughput, low-latency connectivity between different cloud providers. The crucial part for sensitive data and encryption is "configuring IPsec encryption on both sides of the connection," as Cross-Cloud Interconnect itself provides a private path but not inherent encryption. Cloud Router and BGP are essential for dynamic route exchange. This option focuses on the direct cloud-to-cloud path for the high volume data transfer.

Options B and C involve upgrading the existing connections to the on-premises data center and routing all traffic through it. While this could work, it adds an unnecessary hop and likely higher latency for direct cloud-to-cloud traffic, making it less optimal for "highest performance and lowest latency" between clouds. Additionally, removing existing 10Gbps circuits is not necessary and might impact the existing topology if not done carefully.

Option D suggests MACsec, which provides Layer 2 encryption. While good for physical security, for data replication services with sensitive data, IPsec (Layer 3 encryption) is more commonly used and flexible for end-to-end encryption across a routed network, and is typically preferred for data integrity and confidentiality over an IP network. Also, MACsec requires specific hardware support and is typically implemented at the interconnect termination points, not necessarily end-to-end for an application. Given the sensitive nature of the data and the large volume, IPsec provides the necessary transport-level encryption.

Exact Extract:

"Cross-Cloud Interconnect enables direct connectivity between your Google Cloud VPC networks and other cloud provider networks. It provides high-bandwidth, low-latency connections, ideal for large-scale data transfers between clouds."

"For sensitive data, you can implement IPsec VPN tunnels over Cross-Cloud Interconnect connections to provide encryption in transit. This ensures data confidentiality and integrity over the dedicated interconnect."

"Cloud Router dynamically exchanges routes between your Google Cloud VPC network and your other cloud network over the Cross-Cloud Interconnect connection using BGP."Reference: Google Cloud Cross-Cloud Interconnect Documentation - Overview, Encryption options for hybrid connectivity

Professional-Cloud-Network-Engineer PDF/Engine

Printable Format
Value of Money
100% Pass Assurance
Verified Answers
Researched by Industry Experts
Based on Real Exams Scenarios
100% Real Questions

buy now Professional-Cloud-Network-Engineer pdf

Get 65% Discount on All Products, Use Coupon: "ac4s65"

Your company's web server administrator is migrating on-premises backend servers for an application to GCP.

(You need to migrate multiple PostgreSQL databases from your on-premises data center to Google Cloud.

Weekend Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

You are responsible for connectivity between AWS.

The Answer Is:

Explanation:

Quick Links