Topic 1 Question 125
You are designing a hybrid cloud environment. Your Google Cloud environment is interconnected with your on-premises network using HA VPN and Cloud Router in a central transit hub VPC. The Cloud Router is configured with the default settings. Your on-premises DNS server is located at 192.168.20.88. You need to ensure that your Compute Engine resources in multiple spoke VPCs can resolve on-premises private hostnames using the domain corp.altostrat.com while also resolving Google Cloud hostnames. You want to follow Google-recommended practices. What should you do?
- Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88. Associate the zone with the hub VPC.
- Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke VPCs, with the hub VPC as the target.
- Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.
- Configure VPC peering in the spoke VPCs to peer with the hub VPC.
- Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88.
- Associate the zone with the hub VPC. Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke PCs, with the hub VPC as the target.
- Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.
- Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88. Associate the zone with the hub VPC.
- Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke VPCs, with the hub VPC as the target.
- Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.
- Create a hub-and-spoke VPN deployment in each spoke VPC to connect back to the on-premises network directly.
- Create a private forwarding zone in Cloud DNS for ‘corp altostrat.com’ called corp-altostrat-com that points to 192. 168.20.88. Associate the zone with the hub VPC.
- Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke VPCs, with the hub VPC as the target.
- Sat a custom route advertisement on the Cloud Router for 35.199.192.0/19.
- Create a hub and spoke VPN deployment in each spoke VPC to connect back to the hub VPC.
ユーザの投票
コメント(8)
- 正解だと思う選択肢: A
C and D is wrong, hub-and-spoke vpn deployment. B is wrong, when create forwarding zone is required associate zone with VPC, not after create.
A is complete, and correct.
100% A, I tested in my lab.
👍 7ccieman20162022/12/03 It is B. You don't need VPC network peering with spoke to make DNS hostname resolutions work.
👍 2asharma72023/02/20It's B in my opinion.
https://cloud.google.com/blog/products/networking/how-to-use-cloud-dns-peering-in-a-shared-vpc-environment/Cloud DNS peering is not to be confused with VPC peering, and it doesn’t require you to configure any communication between the source and destination VPC.
👍 2mikizenit2023/03/04
シャッフルモード