ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam
Go to Exam

Exam Professional Cloud Network Engineer topic 1 question 167 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 167
Topic #: 1
[All Professional Cloud Network Engineer Questions]

Your company recently migrated to Google Cloud. You configured separate Virtual Private Cloud (VPC) networks for Department A and Department B. You need to configure both VPC networks to have access to the same on-premises location through separate links with full isolation between the VPC networks. Your design must also query on-premises DNS servers from workloads in Google Cloud using conditional forwarding. You want to minimize operational overhead. What should you do?

  • A. Customize the operating system DNS configuration files to target the on-premises DNS servers.
  • B. Keep the different VPC networks from both departments isolated with different on-premises links, and separate Cloud DNS private zones and Cloud DNS forwarding zones.
  • C. Peer Department A's and Department B's VPC networks to have all on-premises connectivity via a single VPC network. Use separate Cloud DNS private zones and Cloud DNS forwarding zones.
  • D. Configure a Cloud DNS Peering zone in Department A's VPC network pointing to Department B's VPC and a Cloud DNS outbound forwarding zone in Department B's VPC network. Use separate on-premises links in each VPC network.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by [deleted] at Feb. 8, 2024, 6:22 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
gonlafer
Highly Voted 1 year, 4 months ago
Selected Answer: D
B is not an option as per Google best practices: https://cloud.google.com/dns/docs/best-practices#use-dns-peering-to-avoid-outbound-forwarding-from-multiple_vpc-networks therefore I see D as best option
upvoted 7 times
...
pico
Most Recent 1 week, 6 days ago
Selected Answer: C
Solutions involving VPC peering or DNS peering between the two departments' VPCs would introduce needless complexity and dependencies, which contradicts the requirement for full isolation.
upvoted 1 times
...
jfwahab
2 months, 3 weeks ago
Selected Answer: C
Peer each of Department A's and Department B's VPC networks to a single VPC network that connects to on-premises. Use separate Cloud DNS private zones and Cloud DNS forwarding zones.
upvoted 1 times
...
RKS_2021
4 months ago
Selected Answer: D
D is correct.
upvoted 1 times
...
saraali
4 months, 2 weeks ago
Selected Answer: B
Why not D D. Configure a Cloud DNS Peering zone in Department A's VPC network pointing to Department B's VPC and a Cloud DNS outbound forwarding zone in Department B's VPC network. Use separate on-premises links in each VPC network: While this could work for DNS, it introduces unnecessary complexity by using Cloud DNS Peering, which is not required for the desired outcome. Also, DNS peering doesn't fully meet the isolation requirement between the VPCs. Conclusion: B is the best option because it maintains the required isolation between the two VPCs, while also addressing the need to forward DNS queries to on-premises servers using conditional forwarding.
upvoted 2 times
...
saraali
4 months, 2 weeks ago
Selected Answer: B
B is the best option because it maintains the required isolation between the two VPCs, while also addressing the need to forward DNS queries to on-premises servers using conditional forwarding.
upvoted 1 times
...
832f53c
10 months, 2 weeks ago
Selected Answer: B
A - High operational overhead C - Do not complete isolate D - Add complexity B is correct
upvoted 1 times
...
nkastanas
11 months, 2 weeks ago
Selected Answer: B
D: This configuration still requires peering between the VPCs, which does not meet the requirement for full isolation between Department A and Department B.
upvoted 1 times
...
hamish88
1 year, 1 month ago
Selected Answer: D
Do not use outbound forwarding to your on-premises DNS servers from multiple VPC networks because it creates problems with the return traffic. Google Cloud accepts responses from your DNS servers only if they're routed to the VPC network from which the query originated. However, queries from any VPC network have the same IP range 35.199.192.0/19 as source. Therefore, responses can't be routed correctly unless you have separate environments on-premises.
upvoted 2 times
...
hamish88
1 year, 2 months ago
I guess the "full isolation between the VPC networks" part rejects option D
upvoted 1 times
hamish88
1 year, 1 month ago
I take it back, D is the answer. When we have two forwarding Cloud DNS zones, the replies from the on-premises DNS may directed towards other VPCs: Do not use outbound forwarding to your on-premises DNS servers from multiple VPC networks because it creates problems with the return traffic. Google Cloud accepts responses from your DNS servers only if they're routed to the VPC network from which the query originated. However, queries from any VPC network have the same IP range 35.199.192.0/19 as source. Therefore, responses can't be routed correctly unless you have separate environments on-premises.
upvoted 1 times
...
...
irmingard_examtopics
1 year, 3 months ago
Selected Answer: D
Use DNS peering to avoid outbound forwarding from multiple VPC networks https://cloud.google.com/dns/docs/best-practices#use-dns-peering-to-avoid-outbound-forwarding-from-multiple_vpc-networks
upvoted 2 times
...
PeppaPig
1 year, 4 months ago
D is the answer B is clearly wrong. You should avoid outbound DNS forwarding from multiple VPCs https://cloud.google.com/dns/docs/best-practices#use-dns-peering-to-avoid-outbound-forwarding-from-multiple_vpc-networks
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel