Topic 1 Question 25
Your team needs to configure their Google Cloud Platform (GCP) environment so they can centralize the control over networking resources like firewall rules, subnets, and routes. They also have an on-premises environment where resources need access back to the GCP resources through a private VPN connection. The networking resources will need to be controlled by the network security team. Which type of networking design should your team use to meet these requirements?
A. Shared VPC Network with a host project and service projects
B. Grant Compute Admin role to the networking team for each engineering project
C. VPC peering between all engineering projects using a hub and spoke model
D. Cloud VPN Gateway between all engineering projects using a hub and spoke model
Comments (14)
I agree with A
Centralize network control:
Use Shared VPC to connect to a common VPC network. Resources in those projects can communicate with each other securely and efficiently across project boundaries using internal IPs. You can manage shared network resources, such as subnets, routes, and firewalls, from a central host project, enabling you to apply and enforce consistent network policies across the projects.
👍 18 ArizonaClassics 2020/08/01

I believe the answer is D. How can shared VPC give access to your on premise environment? A seems wrong to me.
👍 2 Sheeda 2020/08/11

Connect your enterprise network
Many enterprises need to connect existing on-premises infrastructure with their Google Cloud resources. Evaluate your bandwidth, latency, and SLA requirements to choose the best connection option:
If you need low-latency, highly available, enterprise-grade connections that enable you to reliably transfer data between your on-premises and VPC networks without traversing the internet connections to Google Cloud, use Cloud Interconnect:
Dedicated Interconnect provides a direct physical connection between your on-premises network and Google's network.
Partner Interconnect provides connectivity between your on-premises and Google Cloud VPC networks through a supported service provider.
If you don't require the low latency and high availability of Cloud Interconnect, or you are just starting on your cloud journey, use Cloud VPN to set up encrypted IPsec VPN tunnels between your on-premises network and VPC. Compared to a direct, private connection, an IPsec VPN tunnel has lower overhead and costs.
👍 1 Sheeda 2020/08/11