
You are designing a network architecture for your organization with three developer teams (Web, App, and Database) that require access to Compute Engine instances. As part of a small network and security team, you need to provide network access while maintaining centralized control over subnets, routes, and firewalls, with minimal operational overhead. How would you design this topology?
A. Configure a host project with a Shared VPC. Create service projects for Web, App, and Database.
B. Configure one VPC for Web, one VPC for App, and one VPC for Database. Configure HA VPN between each VPC.
C. Configure three Shared VPC host projects, each with a service project: one for Web, one for App, and one for Database.
D. Configure one VPC for Web, one VPC for App, and one VPC for Database. Use VPC Network Peering to connect all VPCs in a full mesh.
Explanation:
The question requires a network design that centralizes control over network resources and minimizes operational overhead. Shared VPC allows a host project to manage shared network resources (subnets, routes, firewalls) while service projects (Web, App, Database) use these resources. Option A centralizes management in a single host project, avoiding the complexity of managing multiple VPCs (as in B, C, or D). Options B and D involve separate VPCs with VPN/peering, increasing management effort. Option C uses multiple host projects, which decentralizes control. Thus, Option A is the correct choice.