Google Professional Cloud Network Engineer
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
Your organization employs a hub-and-spoke architecture with critical Compute Engine instances in Virtual Private Clouds (VPCs). As the Cloud DNS designer in Google Cloud, you must ensure private zone resolution from your on-premises data center and enable on-premises name resolution within the hub-and-spoke VPC setup. What steps should you take?
Exam-Like
Last updated: January 22, 2026 at 14:03- Configure a private DNS zone in the hub VPC, and configure DNS forwarding to the on-premises server. 2. Configure DNS peering from the spoke VPCs to the hub VPC.
- Configure a DNS policy in the hub VPC to allow inbound query forwarding from the spoke VPCs. 2. Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.
- Configure a DNS policy in the spoke VPCs, and configure your on-premises DNS as an alternate DNS server. 2. Configure the hub VPC with a private zone, and set up DNS peering to each of the spoke VPCs.
- Configure a DNS policy in the hub VPC, and configure the on-premises DNS as an alternate DNS server. 2. Configure the spoke VPCs with a private zone, and set up DNS peering to the hub VPC.
A
B
C
D
Explanation:
The correct approach involves centralizing the private DNS zone in the hub VPC and enabling DNS resolution across spokes and on-premises. Option A addresses this by:
- Creating a private DNS zone in the hub VPC, which hosts the critical DNS records. Configuring DNS forwarding to on-premises allows the hub to resolve on-premises queries (outbound).
- DNS peering from spoke VPCs to the hub ensures spokes can resolve the hub's private zone. However, for on-premises to resolve the hub's private zone, the hub must allow inbound queries (via DNS policies), which isn't explicitly stated but is implied as part of the DNS forwarding setup. While the metadata server IP (169.254.169.254) isn't directly reachable from on-premises, the question assumes connectivity (e.g., via VPN/Interconnect) and focuses on DNS configuration. Other options either distribute zones incorrectly or misconfigure peering.
Comments
Loading comments...