Topic 1 Question 27
You are designing a shared VPC architecture. Your network and security team has strict controls over which routes are exposed between departments. Your Production and Staging departments can communicate with each other, but only via specific networks. You want to follow Google-recommended practices. How should you design this topology?
A. Create 2 shared VPCs within the shared VPC Host Project, and enable VPC peering between them. Use firewall rules to filter access between the specific networks.
B. Create 2 shared VPCs within the shared VPC Host Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
C. Create 2 shared VPCs within the shared VPC Service Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
D. Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks.
Explanation
Reference: https://cloud.google.com/vpc/docs/shared-vpc
Comments (11)
D is the answer. The question wants us to follow Google's recommended practice; keeping it simple is one of the key best practices. Thus, creating ONLY 1 Shared VPC in the host project makes it easier to centralize and manage network resources (such as subnets, routes, and security rules) for the attached service VPCs.
👍 9 densnoigaskogen 2021/05/18
Correct Answer (D):
Building on the initial reference architecture, Shared VPC host projects and multiple service projects let administrators delegate administrative responsibilities—such as creating and managing instances—to Service Project Admins while maintaining centralized control over network resources like subnets, routes, and firewalls.
👍 5 ESP_SAP 2020/11/01
D is correct
👍 2 Vidyasagar 2021/03/23