Exam Professional Cloud Network Engineer topic 1 question 167 discussion

Actual exam question from Google's Professional Cloud Network Engineer
Question #: 167
Topic #: 1

Your company recently migrated to Google Cloud. You configured separate Virtual Private Cloud (VPC) networks for Department A and Department B. You need to configure both VPC networks to have access to the same on-premises location through separate links with full isolation between the VPC networks. Your design must also query on-premises DNS servers from workloads in Google Cloud using conditional forwarding. You want to minimize operational overhead. What should you do?

  • A. Customize the operating system DNS configuration files to target the on-premises DNS servers.
  • B. Keep the different VPC networks from both departments isolated with different on-premises links, and separate Cloud DNS private zones and Cloud DNS forwarding zones.
  • C. Peer Department A's and Department B's VPC networks to have all on-premises connectivity via a single VPC network. Use separate Cloud DNS private zones and Cloud DNS forwarding zones.
  • D. Configure a Cloud DNS Peering zone in Department A's VPC network pointing to Department B's VPC and a Cloud DNS outbound forwarding zone in Department B's VPC network. Use separate on-premises links in each VPC network.
Suggested Answer: C

Comments

GoReplyGCPExam
Highly Voted 3 months, 1 week ago
Selected Answer: B
The scenario outlines the need for separate VPC networks for Department A and Department B with access to the same on-premises location through separate links while maintaining full isolation between the VPC networks. Additionally, the design should allow querying on-premises DNS servers from Google Cloud workloads using conditional forwarding while minimizing operational overhead. Given these requirements, the most suitable option is: B. Keep the different VPC networks from both departments isolated with different on-premises links, and separate Cloud DNS private zones and Cloud DNS forwarding zones.
upvoted 5 times
GoReplyGCPExam
3 months, 1 week ago
It provides: isolation between VPC networks, separate on-premises links, and separate Cloud DNS private zones and forwarding zones.
upvoted 1 times
GoReplyGCPExam
3 months, 1 week ago
Option A (Customizing operating system DNS configuration files) may introduce complexity and operational overhead, as it would require manual configuration on each workload instance, potentially leading to inconsistencies and management challenges. Option C (Peering Department A's and Department B's VPC networks) could introduce complexity and potentially compromise isolation between the departments, as peering would allow direct communication between the VPC networks. Option D (Configuring Cloud DNS Peering zone and outbound forwarding zone) introduces unnecessary complexity and potential security risks by allowing direct DNS communication between the departments' VPC networks.
upvoted 1 times
hamish88
Most Recent 1 week, 1 day ago
Selected Answer: D
Do not use outbound forwarding to your on-premises DNS servers from multiple VPC networks because it creates problems with the return traffic. Google Cloud accepts responses from your DNS servers only if they're routed to the VPC network from which the query originated. However, queries from any VPC network have the same IP range 35.199.192.0/19 as source. Therefore, responses can't be routed correctly unless you have separate environments on-premises.
upvoted 1 times
hamish88
2 weeks ago
I guess the "full isolation between the VPC networks" part rejects option D
upvoted 1 times
hamish88
1 week, 1 day ago
I take it back, D is the answer. When we have two forwarding Cloud DNS zones, the replies from the on-premises DNS may be directed towards other VPCs: Do not use outbound forwarding to your on-premises DNS servers from multiple VPC networks because it creates problems with the return traffic. Google Cloud accepts responses from your DNS servers only if they're routed to the VPC network from which the query originated. However, queries from any VPC network have the same IP range 35.199.192.0/19 as source. Therefore, responses can't be routed correctly unless you have separate environments on-premises.
upvoted 1 times
irmingard_examtopics
1 month, 3 weeks ago
Selected Answer: D
Use DNS peering to avoid outbound forwarding from multiple VPC networks https://cloud.google.com/dns/docs/best-practices#use-dns-peering-to-avoid-outbound-forwarding-from-multiple_vpc-networks
upvoted 1 times
gonlafer
2 months, 4 weeks ago
Selected Answer: D
B is not an option as per Google best practices: https://cloud.google.com/dns/docs/best-practices#use-dns-peering-to-avoid-outbound-forwarding-from-multiple_vpc-networks therefore I see D as the best option
upvoted 4 times
PeppaPig
3 months ago
D is the answer. B is clearly wrong. You should avoid outbound DNS forwarding from multiple VPCs: https://cloud.google.com/dns/docs/best-practices#use-dns-peering-to-avoid-outbound-forwarding-from-multiple_vpc-networks
upvoted 3 times
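
Added example, not part of any comment above and not Google's code: a small audit that reads Cloud DNS zone descriptions and flags on-premises name servers reached by outbound forwarding from more than one VPC network, the situation the quoted best-practice text warns about, and lists the DNS peering relationships it finds. The field names follow the Cloud DNS ManagedZone resource; the project, VPC names, zone names and the 10.10.0.53 resolver are constructed sample data.

```python
import json
from collections import defaultdict

# Constructed sample data shaped like `gcloud dns managed-zones list --format=json`.
# The project, VPC names, zone names and the 10.10.0.53 resolver are made up.
NET = "https://www.googleapis.com/compute/v1/projects/example-proj/global/networks/"
FWD = {"forwardingConfig": {"targetNameServers": [{"ipv4Address": "10.10.0.53"}]}}


def zone(name, vpc, extra):
    """Build one private managed zone bound to a single VPC (sample data only)."""
    return {"name": name, "dnsName": "corp.example.", "visibility": "private",
            "privateVisibilityConfig": {"networks": [{"networkUrl": NET + vpc}]},
            **extra}


# Option B: each department forwards to on-premises from its own VPC.
OPTION_B = json.dumps([zone("a-fwd", "dept-a", FWD), zone("b-fwd", "dept-b", FWD)])
# Option D: Department A peers to Department B, which alone forwards outbound.
PEER = {"peeringConfig": {"targetNetwork": {"networkUrl": NET + "dept-b"}}}
OPTION_D = json.dumps([zone("a-peer", "dept-a", PEER), zone("b-fwd", "dept-b", FWD)])


def vpc_name(url):
    """Return the last path segment of a network URL."""
    return url.rsplit("/", 1)[-1]


def bound_vpcs(z):
    """Return the names of the VPC networks a private zone is visible to."""
    nets = z.get("privateVisibilityConfig", {}).get("networks", [])
    return [vpc_name(n["networkUrl"]) for n in nets]


def forwarding_conflicts(zones_json):
    """Map each forwarding target to its source VPCs when more than one VPC uses it."""
    sources = defaultdict(set)
    for z in json.loads(zones_json):
        for t in z.get("forwardingConfig", {}).get("targetNameServers", []):
            sources[t["ipv4Address"]].update(bound_vpcs(z))
    return {ip: sorted(v) for ip, v in sources.items() if len(v) > 1}


def peering_edges(zones_json):
    """List (consumer VPC, producer VPC) pairs created by DNS peering zones."""
    edges = []
    for z in json.loads(zones_json):
        target = z.get("peeringConfig", {}).get("targetNetwork", {}).get("networkUrl")
        if target:
            edges += [(c, vpc_name(target)) for c in bound_vpcs(z)]
    return edges
```

The check cannot see whether the on-premises side is split into separate environments, the one exception the quoted text allows, so a flagged target still needs that confirmed by hand.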