Exam Professional Cloud Network Engineer topic 1 question 14 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 14
Topic #: 1

Your company just completed the acquisition of Altostrat (a current GCP customer). Each company has a separate organization in GCP and has implemented a custom DNS solution. Each organization will retain its current domain and host names until after a full transition and architectural review is done in one year.
These are the assumptions for both GCP environments.
  • Each organization has enabled full connectivity between all of its projects by using Shared VPC.
  • Both organizations strictly use the 10.0.0.0/8 address space for their instances, except for bastion hosts (for accessing the instances) and load balancers for serving web traffic.
  • There are no prefix overlaps between the two organizations.
  • Both organizations already have firewall rules that allow all inbound and outbound traffic from the 10.0.0.0/8 address space.
  • Neither organization has Interconnects to their on-premises environment.
You want to integrate networking and DNS infrastructure of both organizations as quickly as possible and with minimal downtime.
Which two steps should you take? (Choose two.)

  • A. Provision Cloud Interconnect to connect both organizations together.
  • B. Set up some variant of DNS forwarding and zone transfers in each organization.
  • C. Connect VPCs in both organizations using Cloud VPN together with Cloud Router.
  • D. Use Cloud DNS to create A records of all VMs and resources across all projects in both organizations.
  • E. Create a third organization with a new host project, and attach all projects from your company and Altostrat to it using shared VPC.
Suggested Answer: BC 🗳️

Comments

BobBui
Highly Voted 3 years, 7 months ago
I go with B&C, https://cloud.google.com/dns/docs/best-practices
upvoted 15 times
Raz0r
2 years, 3 months ago
"Zone transfers. Cloud DNS doesn't support zone transfers, so you cannot use zone transfers to synchronize DNS records with your on-premises DNS servers." Source: https://cloud.google.com/dns/docs/best-practices#:~:text=passes%20these%20requests.-,Zone%20transfers,-.%20Cloud%20DNS%20doesn%27t
upvoted 1 times
...
sc00by
3 years, 6 months ago
Indeed, because they are using custom DNS; on the other hand, Cloud DNS cannot manage inter-organization DNS queries.
upvoted 1 times
JohnnyBG
3 years, 3 months ago
It cannot be B, therefore the answer is C&D. https://cloud.google.com/dns/docs/best-practices#best_practices_for_dns_forwarding_zones_and_server_policies
Note: DNS forwarding cannot be used to forward between different Google Cloud environments, regardless of which way they are interconnected. For that use case, use DNS peering.
upvoted 1 times
Bill831231
2 years, 11 months ago
Just wondering why there is no option for VPC peering.
upvoted 4 times
Loved
1 year, 1 month ago
"Both organizations strictly use the 10.0.0.0/8 address space". No VPC Peering for overlapping reason
upvoted 3 times
...
...
...
...
...
KingCartman
Highly Voted 1 year, 7 months ago
Selected Answer: BC
This is a case of needing to read the question carefully and not dive straight into the Google docs, as they may not be relevant in some cases.
Two key points here:
  • Both orgs are using a custom DNS solution (i.e. not Cloud DNS).
  • Each organization will retain its current domain and host names until after a full transition and architectural review is done in one year.
By process of elimination:
  • A) Is incorrect, as you don't use an interconnect for connecting two GCP orgs.
  • D) Is incorrect, as Cloud DNS isn't being used.
  • E) Isn't correct, as a third org would require a new domain and host names etc., and both orgs are retaining the domains etc. for a year.
This leaves us with B and C, which are both valid answers.
B. Set up some variant of DNS forwarding and zone transfers in each organization.
C. Connect VPCs in both organizations using Cloud VPN together with Cloud Router.
upvoted 9 times
...
saraali
Most Recent 2 months, 2 weeks ago
Selected Answer: BC
To integrate the networking and DNS infrastructure of both organizations quickly and with minimal downtime, you should set up DNS forwarding and zone transfers (Option B) to allow seamless DNS resolution between the two organizations. Additionally, connecting the VPCs using Cloud VPN and Cloud Router (Option C) will enable secure communication between the organizations' networks without requiring significant reconfiguration or restructuring. These steps ensure both networking and DNS integration with minimal disruption to existing services.
upvoted 1 times
...
ian_gcpca
4 months ago
Selected Answer: CD
C & D... for B- Cloud DNS doesn't support zone transfers. While conditional forwarding can work, it adds complexity and might not be as efficient or reliable as using Cloud DNS as the central authority.
upvoted 1 times
ian_gcpca
4 months ago
Changing my answer to B & C. Each org has already implemented its own DNS solution. No need for D.
upvoted 1 times
...
...
xhilmi
10 months, 3 weeks ago
Selected Answer: BC
Choose B&C.
B. Set up some variant of DNS forwarding and zone transfers in each organization.
Explanation: DNS forwarding and zone transfers can be used to share DNS information between the organizations. This way, both organizations can resolve domain names from the other organization's DNS server. This allows for a seamless integration of DNS infrastructure.
C. Connect VPCs in both organizations using Cloud VPN together with Cloud Router.
Explanation: Cloud VPN with Cloud Router enables secure communication between VPCs in different organizations over the public internet. This allows for the integration of networking infrastructure between the organizations with minimal downtime.
upvoted 2 times
...
Kyle1776
11 months ago
Selected Answer: AB
Can't be C (connect with VPN) because you can only deploy a VPN between VPCs within your own organization. The question states the companies are in separate organizations currently. If you don't believe me, lab it up: make 2 separate GCP accounts and try to deploy a VPN between the 2. I will be going with A & B since interconnect is the only other viable option on this question. In reality, VPC peering would be the way to go since it specifies there is no overlap.
upvoted 1 times
BenMS
10 months, 3 weeks ago
The question explicitly states that both orgs use the same IP range (10.0.0.0/8) hence they DO overlap
upvoted 1 times
Kyle1776
9 months, 2 weeks ago
Yes, they are both using the 10.0.0.0/8, and then the next point says "There are no prefix overlaps between the two organizations." They are both using the 10/8 space but there is no conflict between them. For example: org1 10.0.0.0/9, org2 10.128.0.0/9. Both of these fall within the 10.0.0.0/8 but don't overlap.
upvoted 1 times
...
...
...
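The address-plan point debated in the thread above, as an added example that is not part of the original page or any poster's comment: a Python pre-check that two organizations' prefixes can both sit inside 10.0.0.0/8 without overlapping, and that lists which peer prefixes the blanket 10.0.0.0/8 allow rules from the question would admit once routes are exchanged. All prefixes are constructed sample values and the function names are hypothetical.

```python
import ipaddress

# Constructed sample inventories (not from the page): org A inside 10.0.0.0/9,
# org B inside 10.128.0.0/9, following the split suggested in the thread.
ORG_A = ["10.0.0.0/16", "10.10.0.0/20", "10.127.0.0/16"]
ORG_B = ["10.128.0.0/16", "10.200.4.0/22"]
# Constructed failure case: one extra org B subnet inside an org A range.
ORG_B_BAD = ORG_B + ["10.10.8.0/24"]


def find_overlaps(org_a, org_b):
    """Return (a, b) prefix pairs that overlap between the two inventories."""
    nets_a = [ipaddress.ip_network(p) for p in org_a]
    nets_b = [ipaddress.ip_network(p) for p in org_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


def admitted_by_rule(peer_prefixes, rule="10.0.0.0/8"):
    """Peer prefixes that fall inside an existing allow rule's source range."""
    rule_net = ipaddress.ip_network(rule)
    return [p for p in peer_prefixes
            if ipaddress.ip_network(p).subnet_of(rule_net)]


def preflight(org_a, org_b, rule="10.0.0.0/8"):
    """Summarise whether the two address plans can be routed together."""
    overlaps = find_overlaps(org_a, org_b)
    return {
        "safe_to_exchange_routes": not overlaps,
        "overlaps": overlaps,
        # Ranges the other side's blanket rule will accept once connected.
        "a_admitted_by_b": admitted_by_rule(org_a, rule),
        "b_admitted_by_a": admitted_by_rule(org_b, rule),
    }


if __name__ == "__main__":
    for name, org_b in (("clean", ORG_B), ("conflict", ORG_B_BAD)):
        print(name, preflight(ORG_A, org_b))
```

With the blanket 10.0.0.0/8 rules described in the question, every peer prefix is admitted as soon as routes are exchanged, so those firewall rules are where access would be narrowed if full reachability between the two organizations is not intended.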
aswani
1 year, 2 months ago
Selected Answer: BC
ADE incorrect. That leaves with BC
upvoted 1 times
...
rr4444
1 year, 3 months ago
B is impossible. Cloud DNS does NOT support Zone Transfers https://cloud.google.com/dns/docs/best-practices#use_conditional_forwarding_for_accessing_dns_records_from_on-premises
upvoted 1 times
...
Ben756
1 year, 7 months ago
Selected Answer: BD
B&D
Option A is not required as there are no Interconnects to their on-premises environment.
Option C is not required as the organizations are already connected via Shared VPC.
Option E is not required as creating a third organization will only add more complexity to the integration process.
Option B is necessary to allow DNS queries to be forwarded between the two organizations. This can be achieved by setting up DNS forwarding and zone transfers in each organization.
Option D is necessary to ensure that all resources can be accessed using their fully qualified domain names (FQDNs) and to avoid IP address conflicts. This can be achieved by using Cloud DNS to create A records of all VMs and resources across all projects in both organizations.
upvoted 1 times
...
ivan1656056
1 year, 9 months ago
Doesn't the question state that they use the same IP range for instances? How can we connect the networks together if they overlap?
upvoted 1 times
...
pk349
1 year, 9 months ago
BC:
  • Zone transfers. Cloud DNS doesn't support zone transfers, so you cannot use zone transfers to synchronize DNS records with your on-premises DNS servers.
In a hybrid environment that consists of on-premises and one or more cloud platforms, DNS records for internal resources often need to be accessed across environments. Traditionally, on-premises DNS records are manually administered by using an authoritative DNS server.
In a hybrid environment, DNS resolution can be performed in different locations. You can do the following:
  • Use a hybrid approach with two authoritative DNS systems.
  • Keep DNS resolution on-premises.
  • Move all DNS resolution to Cloud DNS.
We recommend the hybrid approach, so this document focuses on that approach.
upvoted 1 times
...
TD24
1 year, 10 months ago
I go with B&C in view of best practices
upvoted 1 times
...
pfilourenco
1 year, 10 months ago
Selected Answer: BC
I go with B&C, https://cloud.google.com/dns/docs/best-practices
upvoted 1 times
...
jeeet_
2 years ago
Let's eliminate:
a. interconnect - wrong -- not required, as both orgs are in GCP
d. create DNS A records for all VMs in respective orgs -- wrong -- not helpful, as cross-org DNS resolution won't happen.
e. create third org -- wrong, irrelevant.
Left: B and C
B. talks about creating some variant, so unknown but possible.
C. let's connect the two orgs' projects via peering and VPNs etc.
upvoted 2 times
...
GCP72
2 years, 2 months ago
Selected Answer: CD
The correct answer is C&D.
upvoted 2 times
...
[Removed]
2 years, 7 months ago
1. Cloud DNS offers DNS forwarding zones and DNS server policies to allow lookups of DNS names between your on-premises and Google Cloud environment.
2. DNS forwarding cannot be used to forward between different Google Cloud environments, regardless of which way they are interconnected.
https://cloud.google.com/dns/docs/best-practices#best_practices_for_dns_forwarding_zones_and_server_policies
So I think Option D is NOT correct.
upvoted 2 times
[Removed]
2 years, 7 months ago
Re-view the https://cloud.google.com/dns/docs/best-practices Modify my answer from BC to CD.
upvoted 1 times
...
...
kumarp6
2 years, 9 months ago
Answer is : B and C
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other