
Professional Cloud Network Engineer Exam - Question 166


You are designing a packet mirroring policy as part of your network security architecture for your gaming workload. Your infrastructure is located in the us-west2 region and deployed across several zones: us-west2-a, us-west2-b, and us-west2-c. The infrastructure is running a web-based application on TCP ports 80 and 443 with other game servers that utilize the UDP protocol. You need to deploy packet mirroring policies and collector instances to monitor web application traffic while minimizing inter-zonal network egress costs.

Following Google-recommended practices, how should you deploy the packet mirroring policies and collector instances?

Correct Answer: CD

In this scenario, you want to minimize inter-zonal egress costs while monitoring web application traffic. Since the infrastructure is deployed across multiple zones, it is essential to have packet mirroring policies and collector instances in each zone to keep the mirroring traffic local. This approach will avoid the additional costs incurred from inter-zonal traffic. Therefore, the correct approach is to create three packet mirroring policies—one for each zone—and three corresponding groups of collector instances, with each policy designed to capture traffic within its zone using instance-tags and a filter for TCP traffic.
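The per-zone layout described above, as an added example that is not part of the original page: a dry-run shell script that prints one policy-creation command per zone. The network name, tag names and collector forwarding-rule names are hypothetical, and it assumes each zone's web instances carry a zone-specific tag and each collector forwarding rule has backends only in its own zone.

```shell
#!/bin/sh
# Dry-run generator: prints one `gcloud compute packet-mirrorings create`
# command per zone instead of executing it, so it runs without GCP access.
# Hypothetical names (not from the page): network "game-vpc", tags
# "web-<zone>", collector forwarding rules "collector-ilb-<zone>".

REGION="us-west2"
ZONES="us-west2-a us-west2-b us-west2-c"
NETWORK="game-vpc"

# Build the policy command for one zone; reject zones outside the deployment.
mirroring_cmd() {
    zone="$1"
    case " $ZONES " in
        *" $zone "*) ;;
        *) echo "unknown zone: $zone" >&2; return 1 ;;
    esac
    # Policies are regional resources; zone locality comes from pairing a
    # zone-specific tag with a collector ILB whose backends sit in that zone.
    # The filter matches on protocol (not port), so it drops the UDP game
    # traffic and mirrors the TCP web traffic.
    printf '%s ' \
        "gcloud compute packet-mirrorings create mirror-web-$zone" \
        "--region=$REGION" \
        "--network=$NETWORK" \
        "--collector-ilb=collector-ilb-$zone" \
        "--mirrored-tags=web-$zone" \
        "--filter-protocols=tcp"
    echo
}

# Emit the commands for every zone in the deployment.
all_cmds() {
    for z in $ZONES; do
        mirroring_cmd "$z" || return 1
    done
}

all_cmds
```

Review the printed commands before running them; the collector forwarding rules and tagged instances must already exist.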

Discussion

6 comments
desertlotus1211 (Option: C)
Mar 14, 2024

Answer is C. You need to use tags. D is incorrect.

GoReplyGCPExam (Option: B)
Feb 8, 2024

To deploy packet mirroring policies and collector instances following Google-recommended practices while minimizing inter-zonal network egress costs, we need to consider the requirements and best practices outlined in the scenario. Given that the infrastructure is deployed across multiple zones within the us-west2 region and that the goal is to monitor web application traffic while minimizing egress costs, the most appropriate approach would be to consolidate collector instances and policies to cover the entire region. Option B seems to align with this approach.

GoReplyGCPExam
Feb 8, 2024

It offers a single policy for the region, a single group of collector instances, matching traffic for web server instances, and a filter for TCP traffic.

gonlafer (Option: B)
Feb 19, 2024

Should not be inter-zonal egress cost. So I'd go now for B

gonlafer (Option: D)
Feb 19, 2024

To me, D makes sense to minimize the egress traffic across zones, which is one requirement.

Positron75 (Option: C)
May 28, 2024

Wouldn't it be C if we want to minimize data egress costs between zones? C and D are the only options that create packet mirroring policies and collector instances in each zone, and instance tags sound like a better (more specific) option than subnets. Both A and B would result in additional egress costs, as with only one group of collector instances for the whole region, all the mirrored data has to travel between zones. From the documentation (https://cloud.google.com/vpc/docs/packet-mirroring#key_properties): "The cost of Packet Mirroring varies depending on the amount of egress traffic traveling from a mirrored instance to an instance group and whether the traffic travels between zones." Seems to me like C is the only one that minimizes this cost.

anshad666 (Option: B)
Jun 28, 2024

Policy created based on region, not based on zone.