Free Google Cloud Architect Actual Exam Questions - Question 15 Discussion
A large enterprise is migrating all its production workloads to Google Cloud. The security team insists that all outbound internet traffic from the VPC network be inspected by their proprietary, on-premises Intrusion Detection System (IDS) before leaving the Google network. What networking feature must be implemented?
Option A seems off since it only mentions a firewall VM inside Google Cloud, not routing through on-prem IDS. D just manages NAT, so it won't force traffic through external inspection. Could B still be the only real choice?
B imo, it’s the only one that explicitly routes traffic through on-prem IDS via VPN or Interconnect.
B feels right since it forces traffic through on-prem IDS before exiting Google.
Maybe B makes most sense here since it directs outbound traffic through the on-prem IDS using a custom route, which fits the requirement to inspect everything before leaving Google Cloud. The other options don’t guarantee that inspection.
B imo since multi-region plus global load balancing beats just zones or DNS tricks.
B/C? B is solid because it uses multi-region and global load balancing, which fits the high availability and low latency need. C’s DNS-based approach might not route traffic as efficiently as a global load balancer.
Option D seems off because Cloud Run doesn’t support TCP/IP load balancers, just HTTP(S). Also, option A sounds like a trap since Cloud Run automatically handles multi-zone redundancy-you don’t have to manually deploy to multiple zones. The real deal should involve multiple regions for better global availability. Is B’s approach with serverless NEGs and global HTTP(S) Load Balancer the right way to get the best latency and availability? C’s DNS-based solution might not provide as smooth failover as a real load balancer. Thoughts on how region choice impacts latency here?