Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 167 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 167
Topic #: 1
[All Professional Cloud Network Engineer Questions]

Your company recently migrated to Google Cloud. You configured separate Virtual Private Cloud (VPC) networks for Department A and Department B. You need to configure both VPC networks to have access to the same on-premises location through separate links with full isolation between the VPC networks. Your design must also query on-premises DNS servers from workloads in Google Cloud using conditional forwarding. You want to minimize operational overhead. What should you do?

  • A. Customize the operating system DNS configuration files to target the on-premises DNS servers.
  • B. Keep the different VPC networks from both departments isolated with different on-premises links, and separate Cloud DNS private zones and Cloud DNS forwarding zones.
  • C. Peer Department A's and Department B's VPC networks to have all on-premises connectivity via a single VPC network. Use separate Cloud DNS private zones and Cloud DNS forwarding zones.
  • D. Configure a Cloud DNS Peering zone in Department A's VPC network pointing to Department B's VPC and a Cloud DNS outbound forwarding zone in Department B's VPC network. Use separate on-premises links in each VPC network.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by [deleted] at Feb. 8, 2024, 6:22 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
gonlafer
Highly Voted 9 months, 1 week ago
Selected Answer: D
B is not an option as per Google best practices: https://cloud.google.com/dns/docs/best-practices#use-dns-peering-to-avoid-outbound-forwarding-from-multiple_vpc-networks therefore I see D as best option
upvoted 6 times
...
[Removed]
Highly Voted 9 months, 3 weeks ago
Selected Answer: B
The scenario outlines the need for separate VPC networks for Department A and Department B with access to the same on-premises location through separate links while maintaining full isolation between the VPC networks. Additionally, the design should allow querying on-premises DNS servers from Google Cloud workloads using conditional forwarding while minimizing operational overhead. Given these requirements, the most suitable option is: B. Keep the different VPC networks from both departments isolated with different on-premises links, and separate Cloud DNS private zones and Cloud DNS forwarding zones.
upvoted 5 times
[Removed]
9 months, 3 weeks ago
Option A (Customizing operating system DNS configuration files) may introduce complexity and operational overhead, as it would require manual configuration on each workload instance, potentially leading to inconsistencies and management challenges. Option C (Peering Department A's and Department B's VPC networks) could introduce complexity and potentially compromise isolation between the departments, as peering would allow direct communication between the VPC networks. Option D (Configuring Cloud DNS Peering zone and outbound forwarding zone) introduces unnecessary complexity and potential security risks by allowing direct DNS communication between the departments' VPC networks.
upvoted 1 times
...
[Removed]
9 months, 3 weeks ago
it provides: Isolation between VPC networks, Separate on-premises links, Separate Cloud DNS private zones and forwarding zones
upvoted 1 times
...
...
832f53c
Most Recent 3 months ago
Selected Answer: B
A - High operational overhead C - Do not complete isolate D - Add complexity B is correct
upvoted 1 times
...
nkastanas
4 months ago
Selected Answer: B
D: This configuration still requires peering between the VPCs, which does not meet the requirement for full isolation between Department A and Department B.
upvoted 1 times
...
hamish88
6 months, 3 weeks ago
Selected Answer: D
Do not use outbound forwarding to your on-premises DNS servers from multiple VPC networks because it creates problems with the return traffic. Google Cloud accepts responses from your DNS servers only if they're routed to the VPC network from which the query originated. However, queries from any VPC network have the same IP range 35.199.192.0/19 as source. Therefore, responses can't be routed correctly unless you have separate environments on-premises.
upvoted 2 times
...
hamish88
6 months, 3 weeks ago
I guess the "full isolation between the VPC networks" part rejects option D
upvoted 1 times
hamish88
6 months, 3 weeks ago
I take it back, D is the answer. When we have two forwarding Cloud DNS zones, the replies from the on-premises DNS may directed towards other VPCs: Do not use outbound forwarding to your on-premises DNS servers from multiple VPC networks because it creates problems with the return traffic. Google Cloud accepts responses from your DNS servers only if they're routed to the VPC network from which the query originated. However, queries from any VPC network have the same IP range 35.199.192.0/19 as source. Therefore, responses can't be routed correctly unless you have separate environments on-premises.
upvoted 1 times
...
...
irmingard_examtopics
8 months ago
Selected Answer: D
Use DNS peering to avoid outbound forwarding from multiple VPC networks https://cloud.google.com/dns/docs/best-practices#use-dns-peering-to-avoid-outbound-forwarding-from-multiple_vpc-networks
upvoted 2 times
...
PeppaPig
9 months, 2 weeks ago
D is the answer B is clearly wrong. You should avoid outbound DNS forwarding from multiple VPCs https://cloud.google.com/dns/docs/best-practices#use-dns-peering-to-avoid-outbound-forwarding-from-multiple_vpc-networks
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel