Exam Associate Cloud Engineer topic 1 question 179 discussion

Passed the test today. About 80% of the questions are here.

A is the Right answer. You can discard B and C because they lack the need of creating Network Peering to communicate the DMZ VPC with the LAN VPC (LAN VPC is not exposed to public so they need to communicate via private addresses which cannot be achieved with 2 VPCs without Network Peering). Plus, you can discard B, as you don't need to enable the egress traffic, you always need to enable the ingress traffic as this is never enabled by default.

Option C is NOT valid as it overlooks the requirement for VPC peering or another connection method to enable communication between two separate VPCs. 1. There is no default connection between different VPC 2. By default all incoming(ingress) traffic is denied. So, a firewall rule is needed even in the same VPC.

The answer is A: Here's the explanation: -->Single VPC: Creating a single Virtual Private Cloud (VPC) is a common practice to manage your resources in Google Cloud. Subnet for DMZ and LAN: Creating separate subnets within the same VPC for the DMZ (public-facing) and LAN (private) resources is a recommended approach to segregate your resources. -->Firewall Rules: Setting up firewall rules allows you to control traffic between the DMZ and LAN subnets and enables you to define specific access policies. You also need to allow public traffic (ingress) into the DMZ to make the public-facing resources accessible from the internet.

A is the correct answer, as it meet the question requirment

A is the right choice

A seems right

hi All what is the ans

1 VPC enough for LAN and DMZ , Need to open appropriate firewall rules. A is right.

Vote for A By default traffic between subnets on a VPC network is not allowed (except on the "default" network). (This blocks traffic between all instances, not just traffic between subnets => FW rules must be defined to allow communications between all instances, regardless the subnets) 2 VPC will not work without peering.

You can't explicitly create a FW rule for the subnet, but connections are allowed or denied on a per-instance basis. You can think of the VPC firewall rules as existing not only between your instances and other networks, but also between individual instances within the same network. C will not work without peering...

Guys i cleared my exam last week. This question bank is must. 80% questions were from here.

A - my vote. Two different vpc need vpc peering.

I don't understand why you say that the answer is A. If you have 2 subnets in the same network you won't have firewall between the 2 subnets. So you can't have a DMZ that can communicate with a private network. So the answer should be C.

A is correct

Textbook example of DMZ and private subnet topology, hence answer A. Anyone who thinks C or multiple VPCs or whatever I strongly suggest you do CCNA before coming here.

Yes. Correct answer is A. No need to complicate the setup by creating two different VPC networks.