Exam Professional Cloud Network Engineer topic 1 question 167 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 167
Topic #: 1

Your company recently migrated to Google Cloud. You configured separate Virtual Private Cloud (VPC) networks for Department A and Department B. You need to configure both VPC networks to have access to the same on-premises location through separate links with full isolation between the VPC networks. Your design must also query on-premises DNS servers from workloads in Google Cloud using conditional forwarding. You want to minimize operational overhead. What should you do?

  • A. Customize the operating system DNS configuration files to target the on-premises DNS servers.
  • B. Keep the different VPC networks from both departments isolated with different on-premises links, and separate Cloud DNS private zones and Cloud DNS forwarding zones.
  • C. Peer Department A's and Department B's VPC networks to have all on-premises connectivity via a single VPC network. Use separate Cloud DNS private zones and Cloud DNS forwarding zones.
  • D. Configure a Cloud DNS Peering zone in Department A's VPC network pointing to Department B's VPC and a Cloud DNS outbound forwarding zone in Department B's VPC network. Use separate on-premises links in each VPC network.
Suggested Answer: D

Comments

gonlafer
Highly Voted 1 year, 2 months ago
Selected Answer: D
B is not an option as per Google best practices: https://cloud.google.com/dns/docs/best-practices#use-dns-peering-to-avoid-outbound-forwarding-from-multiple_vpc-networks. Therefore, I see D as the best option.
upvoted 7 times
...
[Removed]
Highly Voted 1 year, 2 months ago
Selected Answer: B
The scenario outlines the need for separate VPC networks for Department A and Department B with access to the same on-premises location through separate links while maintaining full isolation between the VPC networks. Additionally, the design should allow querying on-premises DNS servers from Google Cloud workloads using conditional forwarding while minimizing operational overhead. Given these requirements, the most suitable option is: B. Keep the different VPC networks from both departments isolated with different on-premises links, and separate Cloud DNS private zones and Cloud DNS forwarding zones.
upvoted 5 times
[Removed]
1 year, 2 months ago
Option A (Customizing operating system DNS configuration files) may introduce complexity and operational overhead, as it would require manual configuration on each workload instance, potentially leading to inconsistencies and management challenges. Option C (Peering Department A's and Department B's VPC networks) could introduce complexity and potentially compromise isolation between the departments, as peering would allow direct communication between the VPC networks. Option D (Configuring Cloud DNS Peering zone and outbound forwarding zone) introduces unnecessary complexity and potential security risks by allowing direct DNS communication between the departments' VPC networks.
upvoted 1 times
...
[Removed]
1 year, 2 months ago
it provides: Isolation between VPC networks, Separate on-premises links, Separate Cloud DNS private zones and forwarding zones
upvoted 1 times
...
...
jfwahab
Most Recent 2 weeks, 5 days ago
Selected Answer: C
Peer each of Department A's and Department B's VPC networks to a single VPC network that connects to on-premises. Use separate Cloud DNS private zones and Cloud DNS forwarding zones.
upvoted 1 times
...
RKS_2021
1 month, 3 weeks ago
Selected Answer: D
D is correct.
upvoted 1 times
...
saraali
2 months, 1 week ago
Selected Answer: B
Why not D?

D. Configure a Cloud DNS Peering zone in Department A's VPC network pointing to Department B's VPC and a Cloud DNS outbound forwarding zone in Department B's VPC network. Use separate on-premises links in each VPC network: While this could work for DNS, it introduces unnecessary complexity by using Cloud DNS Peering, which is not required for the desired outcome. Also, DNS peering doesn't fully meet the isolation requirement between the VPCs.

Conclusion: B is the best option because it maintains the required isolation between the two VPCs, while also addressing the need to forward DNS queries to on-premises servers using conditional forwarding.
upvoted 1 times
...
saraali
2 months, 1 week ago
Selected Answer: B
B is the best option because it maintains the required isolation between the two VPCs, while also addressing the need to forward DNS queries to on-premises servers using conditional forwarding.
upvoted 1 times
...
832f53c
8 months ago
Selected Answer: B
A - High operational overhead
C - Does not completely isolate
D - Adds complexity
B is correct
upvoted 1 times
...
nkastanas
9 months, 1 week ago
Selected Answer: B
D: This configuration still requires peering between the VPCs, which does not meet the requirement for full isolation between Department A and Department B.
upvoted 1 times
...
hamish88
11 months, 3 weeks ago
Selected Answer: D
Do not use outbound forwarding to your on-premises DNS servers from multiple VPC networks because it creates problems with the return traffic. Google Cloud accepts responses from your DNS servers only if they're routed to the VPC network from which the query originated. However, queries from any VPC network have the same IP range 35.199.192.0/19 as source. Therefore, responses can't be routed correctly unless you have separate environments on-premises.
upvoted 2 times
...
hamish88
11 months, 4 weeks ago
I guess the "full isolation between the VPC networks" part rejects option D
upvoted 1 times
hamish88
11 months, 3 weeks ago
I take it back, D is the answer. When we have two forwarding Cloud DNS zones, the replies from the on-premises DNS may be directed towards other VPCs: Do not use outbound forwarding to your on-premises DNS servers from multiple VPC networks because it creates problems with the return traffic. Google Cloud accepts responses from your DNS servers only if they're routed to the VPC network from which the query originated. However, queries from any VPC network have the same IP range 35.199.192.0/19 as source. Therefore, responses can't be routed correctly unless you have separate environments on-premises.
upvoted 1 times
...
...
irmingard_examtopics
1 year, 1 month ago
Selected Answer: D
Use DNS peering to avoid outbound forwarding from multiple VPC networks https://cloud.google.com/dns/docs/best-practices#use-dns-peering-to-avoid-outbound-forwarding-from-multiple_vpc-networks
upvoted 2 times
...
PeppaPig
1 year, 2 months ago
D is the answer. B is clearly wrong. You should avoid outbound DNS forwarding from multiple VPCs: https://cloud.google.com/dns/docs/best-practices#use-dns-peering-to-avoid-outbound-forwarding-from-multiple_vpc-networks
upvoted 4 times
...
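
The best practice cited in the thread (avoid outbound forwarding to the same on-premises DNS servers from multiple VPC networks, because every query arrives from 35.199.192.0/19) can be checked mechanically. The following is an added example, not part of the original discussion or of Google's tooling: it audits zone records shaped like the Cloud DNS ManagedZone resource and compares the layouts of options B and D. The network labels, zone names, the `corp.example.` domain and the 10.10.0.53 server address are constructed.

```python
from collections import defaultdict

def _networks(zone):
    cfg = zone.get("privateVisibilityConfig", {})
    return [n["networkUrl"] for n in cfg.get("networks", [])]

def forwarding_conflicts(zones):
    """Return {target IP: [networks]} for on-premises name servers that
    receive outbound forwarding from more than one VPC network."""
    seen = defaultdict(set)
    for zone in zones:
        servers = zone.get("forwardingConfig", {}).get("targetNameServers", [])
        for ns in servers:
            seen[ns["ipv4Address"]].update(_networks(zone))
    return {ip: sorted(nets) for ip, nets in seen.items() if len(nets) > 1}

def dangling_peerings(zones):
    """Return names of peering zones whose target network has no forwarding
    zone for the same DNS name (simplification: exact name match only)."""
    forwarded = {(net, z["dnsName"]) for z in zones
                 if "forwardingConfig" in z for net in _networks(z)}
    return [z["name"] for z in zones if "peeringConfig" in z
            and (z["peeringConfig"]["targetNetwork"]["networkUrl"],
                 z["dnsName"]) not in forwarded]

# Constructed sample data: labels, zone names and the server IP are made up.
A, B, ONPREM = "networks/dept-a", "networks/dept-b", "10.10.0.53"

def fwd(name, net):
    return {"name": name, "dnsName": "corp.example.", "visibility": "private",
            "privateVisibilityConfig": {"networks": [{"networkUrl": net}]},
            "forwardingConfig": {"targetNameServers": [{"ipv4Address": ONPREM}]}}

def peer(name, net, target):
    return {"name": name, "dnsName": "corp.example.", "visibility": "private",
            "privateVisibilityConfig": {"networks": [{"networkUrl": net}]},
            "peeringConfig": {"targetNetwork": {"networkUrl": target}}}

OPTION_B = [fwd("a-fwd", A), fwd("b-fwd", B)]       # one forwarding zone per VPC
OPTION_D = [peer("a-peer", A, B), fwd("b-fwd", B)]  # A peers to B, only B forwards

if __name__ == "__main__":
    for label, zones in (("B", OPTION_B), ("D", OPTION_D)):
        print(label, forwarding_conflicts(zones), dangling_peerings(zones))
```

A reported conflict is a prompt to confirm how the on-premises side routes replies to 35.199.192.0/19; the thread notes the layout only works with separate environments on-premises.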