Exam Professional Cloud Network Engineer All Questions

View all questions & answers for the Professional Cloud Network Engineer exam

Exam Professional Cloud Network Engineer topic 1 question 125 discussion

Actual exam question from Google's Professional Cloud Network Engineer

Question #: 125
Topic #: 1

[All Professional Cloud Network Engineer Questions]

You are designing a hybrid cloud environment. Your Google Cloud environment is interconnected with your on-premises network using HA VPN and Cloud Router in a central transit hub VPC. The Cloud Router is configured with the default settings. Your on-premises DNS server is located at 192.168.20.88. You need to ensure that your Compute Engine resources in multiple spoke VPCs can resolve on-premises private hostnames using the domain corp.altostrat.com while also resolving Google Cloud hostnames. You want to follow Google-recommended practices. What should you do?

A. 1. Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88. Associate the zone with the hub VPC.
2. Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke VPCs, with the hub VPC as the target.
3. Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.
4. Configure VPC peering in the spoke VPCs to peer with the hub VPC.
B. 1. Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88.
2. Associate the zone with the hub VPC. Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke PCs, with the hub VPC as the target.
3. Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.
C. 1. Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88. Associate the zone with the hub VPC.
2. Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke VPCs, with the hub VPC as the target.
3. Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.
4. Create a hub-and-spoke VPN deployment in each spoke VPC to connect back to the on-premises network directly.
D. 1. Create a private forwarding zone in Cloud DNS for ‘corp altostrat.com’ called corp-altostrat-com that points to 192. 168.20.88. Associate the zone with the hub VPC.
2. Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke VPCs, with the hub VPC as the target.
3. Sat a custom route advertisement on the Cloud Router for 35.199.192.0/19.
4. Create a hub and spoke VPN deployment in each spoke VPC to connect back to the hub VPC.

Show Suggested Answer

Suggested Answer: A 🗳️

by ccieman2016 at Dec. 3, 2022, 1:09 p.m.

Comments

Submit Cancel

ccieman2016

Highly Voted 1 year, 6 months ago

Selected Answer: A

C and D is wrong, hub-and-spoke vpn deployment. B is wrong, when create forwarding zone is required associate zone with VPC, not after create. A is complete, and correct. 100% A, I tested in my lab.

upvoted 10 times

AzureDP900

1 year, 6 months ago

Agreed. I am good with your explanation and choosing A.

upvoted 1 times

...

n2183712847

Most Recent 1 month, 2 weeks ago

Selected Answer: A

A is correct

upvoted 2 times

...

1f01b87

3 months ago

Selected Answer: B

B is the correct answer. VPC peering is not required for DNS peering.

upvoted 2 times

...

Thornadoo

10 months, 1 week ago

Selected Answer: A

Please read - https://cloud.google.com/dns/docs/best-practices. It clearly says that in the Hybrid architecture using a hub VPC network connected to spoke VPC networks section that DNS peering runs in parallel with VPC Network Peering connections to allow name resolution between environments.

upvoted 3 times

...

Dan137

1 year ago

Selected Answer: B

Agree with B after reading https://cloud.google.com/blog/products/networking/how-to-use-cloud-dns-peering-in-a-shared-vpc-environment/ which was shared in a previous comment.

upvoted 3 times

...

SZON

1 year, 3 months ago

B because you don't need VPC peering

upvoted 3 times

...

mikizenit

1 year, 3 months ago

It's B in my opinion. https://cloud.google.com/blog/products/networking/how-to-use-cloud-dns-peering-in-a-shared-vpc-environment/ Cloud DNS peering is not to be confused with VPC peering, and it doesn’t require you to configure any communication between the source and destination VPC.

upvoted 3 times

...

asharma7

1 year, 3 months ago

It is B. You don't need VPC network peering with spoke to make DNS hostname resolutions work.

upvoted 4 times

...

pk349

1 year, 5 months ago

• A. 1. Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88. Associate the zone with the hub VPC. 2. Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke VPCs, with the hub VPC as the target. 3. Set a custom route advertisement on the Cloud Router for 35.199.192.0/19. 4. Configure ******* VPC peering in the spoke ******* VPCs to peer with the hub VPC.

upvoted 2 times

...

apehkone

1 year, 5 months ago

Selected Answer: D

VPC Network Peering connections don't allow transitive traffic beyond the two VPC networks in a peering relationship which means that option A wouldn't work because spokes cannot reach the on-prem network via the hub network. See: https://cloud.google.com/architecture/deploy-hub-spoke-vpc-network-topology

upvoted 2 times

...

Rightsaidfred

1 year, 6 months ago

Selected Answer: A

VPC Peering is required between the Hub and Spoke VPC's - A is the only one that mentions this!

upvoted 2 times

...