VPC peering in GCP - Practice Problems & Coding Challenges

Challenge - 5 Problems
Architecture
intermediate
Understanding VPC Peering Connectivity

You have two VPC networks in Google Cloud: VPC-A and VPC-B. You create a VPC peering connection between them. Which statement best describes the connectivity after peering?

A. Instances in VPC-A can communicate with instances in VPC-B using internal IPs without additional routes.
B. Instances in VPC-A can communicate with instances in VPC-B only if you create custom routes manually.
C. VPC peering allows communication only over public IP addresses between VPC-A and VPC-B.
D. VPC peering automatically merges both VPCs into a single network with shared IP ranges.
💡 Hint

Think about how VPC peering connects networks internally.

security
intermediate
Firewall Rules and VPC Peering

You have two peered VPCs in Google Cloud. You want to allow traffic from VPC-A to VPC-B instances on port 8080. What must you do to allow this traffic?

A. Create a firewall rule in VPC-A allowing egress on port 8080 to VPC-B's IP range.
B. Create a firewall rule in VPC-B allowing ingress on port 8080 from VPC-A's IP range.
C. No firewall rules are needed because VPC peering automatically allows all traffic.
D. Create firewall rules in both VPC-A and VPC-B allowing traffic on port 8080.
💡 Hint

Remember which side controls incoming traffic.

service_behavior
advanced
Routing Behavior in VPC Peering

You have three VPCs: VPC-A, VPC-B, and VPC-C. VPC-A is peered with VPC-B, and VPC-B is peered with VPC-C. Can instances in VPC-A communicate directly with instances in VPC-C through VPC-B?

A. Yes, VPC peering supports transitive routing, so VPC-A can reach VPC-C through VPC-B.
B. Yes, but only if you configure custom routes in VPC-B to forward traffic.
C. No, VPC peering does not support transitive routing; VPC-A cannot reach VPC-C through VPC-B.
D. No, VPC peering disables all routing between peered networks.
💡 Hint

Think about whether VPC peering allows traffic to pass through a third VPC.

Configuration
advanced
VPC Peering IP Range Overlap

You try to create a VPC peering connection between two VPCs, but the request fails. Both VPCs have overlapping IP ranges. What is the reason?

A. VPC peering requires non-overlapping IP address ranges between peered VPCs.
B. VPC peering requires both VPCs to be in the same region.
C. VPC peering requires both VPCs to use the same IP range.
D. VPC peering only works if one VPC uses public IPs and the other uses private IPs.
💡 Hint

Consider IP address conflicts in network connections.

Best Practice
expert
Managing VPC Peering at Scale

You manage 10 VPCs in Google Cloud and want to enable communication between all of them. What is the best approach to connect all VPCs efficiently?

A. Use transitive peering by chaining peering connections through one VPC.
B. Create peering connections between every pair of VPCs (full mesh).
C. Assign the same IP range to all VPCs to simplify routing.
D. Use a hub-and-spoke model with a shared VPC as the hub and peer all VPCs to it.
💡 Hint

Think about scalability and manageability of network connections.

Practice

1.

What is the main purpose of VPC peering in Google Cloud?

easy
A. To create a firewall rule between two networks
B. To connect two private networks securely without using the internet
C. To provide public internet access to virtual machines
D. To enable automatic backups of virtual machines

Solution

  1. Step 1: Understand VPC peering concept

    VPC peering connects two private networks directly, avoiding the public internet.
  2. Step 2: Compare options with concept

    Only option B, "To connect two private networks securely without using the internet", describes a private connection that does not use the internet.
  3. Final Answer:

    To connect two private networks securely without using the internet -> Option B
  4. Quick Check:

    VPC peering = secure private network connection [OK]
Hint: VPC peering = private network connection, no internet needed [OK]
Common Mistakes:
  • Confusing VPC peering with firewall rules
  • Thinking VPC peering provides internet access
  • Assuming VPC peering is for backups
2.

Which of the following is the correct command to create a VPC peering connection from net-a to net-b in Google Cloud CLI?

gcloud compute networks peerings create PEERING_NAME --network=NETWORK --peer-network=PEER_NETWORK
easy
A. gcloud compute networks peerings create peer-ab --network=net-a --peer-network=net-b
B. gcloud compute networks peerings create net-a --network=peer-ab --peer-network=net-b
C. gcloud compute networks peerings create net-b --network=net-a --peer-network=net-b
D. gcloud compute networks peerings create peer-ab --peer-network=net-a --network=net-b

Solution

  1. Step 1: Identify correct command syntax

    The command requires a peering name, the local network, and the peer network.
  2. Step 2: Match parameters to networks

    gcloud compute networks peerings create peer-ab --network=net-a --peer-network=net-b correctly uses a peering name and assigns net-a as the local network and net-b as the peer network.
  3. Final Answer:

    gcloud compute networks peerings create peer-ab --network=net-a --peer-network=net-b -> Option A
  4. Quick Check:

    Correct CLI syntax = gcloud compute networks peerings create peer-ab --network=net-a --peer-network=net-b [OK]
Hint: Peering name first, then --network local, --peer-network remote [OK]
Common Mistakes:
  • Swapping --network and --peer-network values
  • Using network names as peering name
  • Omitting required flags
3.

Given two VPC networks net-a and net-b peered together, which of the following statements about routing is true?

1. Each network must create routes to the other's IP ranges.
2. Routes are automatically shared by default.
3. Peering allows communication only if firewall rules permit.
4. Peering replaces the need for VPN connections.
medium
A. Only statement 2 and 3 are true
B. Only statement 1 and 3 are true
C. Only statement 1 and 2 are true
D. Only statement 3 and 4 are true

Solution

  1. Step 1: Analyze routing and firewall requirements

    VPC peering automatically shares subnet routes by default. Firewall rules still control traffic.
  2. Step 2: Evaluate statements

    Statement 1 is false (no manual route creation needed). Statements 2 and 3 are true. Statement 4 is not accurate (peering and VPN serve different purposes).
  3. Final Answer:

    Only statement 2 and 3 are true -> Option A
  4. Quick Check:

    Routes auto + firewall needed [OK]
Hint: Routes automatically shared; firewall rules still apply [OK]
Common Mistakes:
  • Thinking routes must be manually created
  • Ignoring firewall rules in peering
  • Thinking peering always replaces VPN
4.

You created a VPC peering between net-a and net-b, but instances in net-a cannot reach instances in net-b. What is the most likely cause?

medium
A. The peering connection was created only on net-a side
B. The peering connection was created with the wrong peering name
C. The VPC networks have overlapping IP ranges
D. Firewall rules in net-b block incoming traffic from net-a

Solution

  1. Step 1: Check common connectivity issues in VPC peering

    Firewall rules must allow traffic between peered networks; blocking rules prevent communication.
  2. Step 2: Evaluate other options

    Wrong peering name or one-sided peering would prevent peering creation. Overlapping IP ranges prevent peering setup itself.
  3. Final Answer:

    Firewall rules in net-b block incoming traffic from net-a -> Option D
  4. Quick Check:

    Firewall blocking = connectivity failure [OK]
Hint: Check firewall rules first when peering connectivity fails [OK]
Common Mistakes:
  • Ignoring firewall rules as cause
  • Assuming peering auto-fixes IP conflicts
  • Thinking peering is one-sided
5.

You have two VPC networks, net-a with CIDR 10.0.0.0/16 and net-b with CIDR 10.0.0.0/16. You want to peer them to share resources privately. What is the best approach?

hard
A. Create VPC peering directly between net-a and net-b despite overlapping CIDRs
B. Use VPN instead of VPC peering to connect the networks
C. Change one network's CIDR to a non-overlapping range before peering
D. Use shared VPC instead of peering for overlapping CIDRs

Solution

  1. Step 1: Understand CIDR overlap restrictions in VPC peering

    VPC peering requires non-overlapping IP ranges to route traffic correctly.
  2. Step 2: Choose solution for overlapping CIDRs

    Changing one network's CIDR to a non-overlapping range allows peering. VPN or shared VPC are alternatives but not direct peering solutions.
  3. Final Answer:

    Change one network's CIDR to a non-overlapping range before peering -> Option C
  4. Quick Check:

    Non-overlapping CIDRs required for peering [OK]
Hint: Peering needs unique IP ranges; change CIDR if overlapping [OK]
Common Mistakes:
  • Trying to peer overlapping CIDRs directly
  • Confusing VPN with peering
  • Ignoring shared VPC as different concept
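
Added example (not part of the original quiz): a Python pre-flight check that applies two rules from the questions above, non-overlapping IP ranges and no transitive routing, to a constructed inventory. net-c, net-d and all function names are assumptions; a listed pair is treated as a peering created on both sides, and firewall rules are left out of the model.

```python
import ipaddress

# Constructed inventory. net-a and net-b use the CIDRs from question 5;
# net-c and net-d are hypothetical networks added for this example.
NETWORKS = {
    "net-a": ["10.0.0.0/16"],
    "net-b": ["10.0.0.0/16"],
    "net-c": ["10.1.0.0/16"],
    "net-d": ["10.2.0.0/16", "10.0.200.0/24"],
}

# Constructed plan of (local, peer) pairs to validate before creating peerings.
PLANNED = [("net-a", "net-b"), ("net-a", "net-c"), ("net-c", "net-d")]


def overlapping_ranges(ranges_a, ranges_b):
    """Return sorted (a, b) CIDR pairs that overlap, including partial overlaps."""
    nets_b = [ipaddress.ip_network(b) for b in ranges_b]
    return sorted(
        (a, str(nb))
        for a in ranges_a
        for nb in nets_b
        if ipaddress.ip_network(a).overlaps(nb)
    )


def preflight(networks, planned):
    """Split planned pairs into accepted pairs and rejected pairs with their clashes."""
    accepted, rejected = [], {}
    for local, peer in planned:
        clashes = overlapping_ranges(networks[local], networks[peer])
        if clashes:
            rejected[(local, peer)] = clashes
        else:
            accepted.append((local, peer))
    return accepted, rejected


def can_reach(accepted, src, dst):
    """Peering is not transitive: only directly peered networks exchange routes."""
    return (src, dst) in accepted or (dst, src) in accepted


if __name__ == "__main__":
    accepted, rejected = preflight(NETWORKS, PLANNED)
    for pair, clashes in rejected.items():
        print("reject", pair, clashes)
    for pair in accepted:
        print("ok", pair)
    print("net-a -> net-d via net-c:", can_reach(accepted, "net-a", "net-d"))
```
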