Exam Associate Cloud Engineer topic 1 question 162 discussion

B, Forwarding zones Cloud DNS forwarding zones let you configure target name servers for specific private zones. Using a forwarding zone is one way to implement outbound DNS forwarding from your VPC network. A Cloud DNS forwarding zone is a special type of Cloud DNS private zone. Instead of creating records within the zone, you specify a set of forwarding targets. Each forwarding target is an IP address of a DNS server, located in your VPC network, or in an on-premises network connected to your VPC network by Cloud VPN or Cloud Interconnect. A does not apply, that is to provide internet access to resources C, does not apply D, I don't get it so B

https://cloud.google.com/dns/docs/best-practices#best_practices_for_dns_forwarding_zones_and_server_policies Cloud DNS offers DNS forwarding zones and DNS server policies to allow lookups of DNS names between your on-premises and Google Cloud environment. You have multiple options for configuring DNS forwarding. The following section lists best practices for hybrid DNS setup. These best practices are illustrated in the Reference architectures for hybrid DNS. So I think B is correct

B https://cloud.google.com/dns/docs/overview

DNS is a hierarchical distributed database that lets you store IP addresses and other data and look them up by name. Cloud DNS lets you publish your zones and records in DNS without the burden of managing your own DNS servers and software. Cloud DNS offers both public zones and private managed DNS zones. A public zone is visible to the public internet, while a private zone is visible only from one or more Virtual Private Cloud (VPC) networks that you specify. https://cloud.google.com/dns/docs/overview

B is the correct Answer

Based on this - https://cloud.google.com/dns/docs/overview#dns-forwarding-methods B must be the best option. I don't think there's a "typo" (or completely wrongly worded answer) in option D (there's comments saying that instead of Compute Engine it should be on-premise). I believe option D is wrong on purpose to create a confusion.

B is correct answer, Configure Private Google Access for on-premises hosts, DNS configuration Your on-premises network must have DNS zones and records configured so that Google domain names resolve to the set of IP addresses for either private.googleapis.com or restricted.googleapis.com. You can create Cloud DNS managed private zones and use a Cloud DNS inbound server policy, or you can configure on-premises name servers. For example, you can use BIND or Microsoft Active Directory DNS. https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config-domain

Ans is D, looks like there is typo

B. DNS works best with dynamic IPs.

Correct Ans is B Ref - https://cloud.google.com/dns/docs/best-practices#best_practices_for_private_zones

B Cloud DNS

B is correct

B: DNS

ans D https://cloud.google.com/compute/docs/internal-dns

option B

https://cloud.google.com/dns/docs/overview#:~:text=Create%20an%20inbound,the%20VPC%20network.

IT's D, because: A) Cloud NAT direction will be from the cloud resources to the on prem, an the DB is on prem (It will not work if the IP of the database on prem changes, and you have an VPN you should traffic your data trough it). B) If you create a private zone and configure the applications, if your servers doesnt use the dns will not work. C) I think is not suitable. I guess you should re-deploy all your Apps with the new conf if the address change. D) If you have an A record ip of your DB HOST(wich is on prem) in Engine internal DNS and if it changes, you can update the registry quickly to change it to the new IP address, so it will be the best option for sure.