Answer-first summary for fast verification
Answer: Keep the different VPC networks from both departments isolated with different on-premises links, and separate Cloud DNS private zones and Cloud DNS forwarding zones.
The question requires full isolation between VPC networks, separate on-premises links, and conditional DNS forwarding with minimal overhead. Option B ensures isolation by maintaining separate VPC networks with their own on-premises links. Each VPC uses its own Cloud DNS private zones (for internal DNS) and forwarding zones (to conditionally forward on-premises DNS queries via their respective links). This setup avoids VPC peering (which would break isolation, as in Option C) and manual OS configurations (Option A). Option D's DNS peering introduces interdependencies, complicating isolation. Option B meets all requirements while leveraging managed Cloud DNS services to minimize operational effort.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your company has migrated to Google Cloud and set up distinct VPC networks for Department A and Department B. You must ensure both VPC networks can access the same on-premises location via separate dedicated connections while maintaining complete isolation between them. Additionally, workloads in Google Cloud need to query on-premises DNS servers using conditional forwarding. The solution should minimize operational overhead. What is the recommended approach?
A
Customize the operating system DNS configuration files to target the on-premises DNS servers.
B
Keep the different VPC networks from both departments isolated with different on-premises links, and separate Cloud DNS private zones and Cloud DNS forwarding zones.
C
Peer Department A's and Department B's VPC networks to have all on-premises connectivity via a single VPC network. Use separate Cloud DNS private zones and Cloud DNS forwarding zones.
D
Configure a Cloud DNS Peering zone in Department A's VPC network pointing to Department B's VPC and a Cloud DNS outbound forwarding zone in Department B's VPC network. Use separate on-premises links in each VPC network.