
Answer-first summary for fast verification
Answer: Configure a private zone for the application record (myglobalapp.terramearth.com) and point to the internal IP address of the application VM. Bind this zone to the VPC.
The correct approach is to use a private DNS zone in Cloud DNS that resolves the same domain name (myglobalapp.terramearth.com) to the internal IP address. By creating a private zone for the domain and binding it to the VPC, internal clients within the VPC will receive the internal IP address when querying the domain, while external clients will resolve the public IP via the existing public zone. This is Google's recommended practice for split-view DNS, ensuring compliance without modifying client configurations or using non-scalable methods like host files. Option C achieves this seamlessly. Other options either require changing client configurations (A/D) or involve unsupported features like custom scripts (B).
Author: LeetQuiz Editorial Team
Your organization, TerramEarth, is deploying a global application to handle credit card payments. Client VMs within the same VPC as the application must access it privately without using the application's global external IP address due to compliance constraints. Currently, Cloud DNS resolves myglobalapp.terramearth.com only to a public IP address via a public zone. The internal clients need to resolve myglobalapp.example.com privately without exposing the external IP. How should you configure Cloud DNS to meet this requirement while adhering to Google-recommended practices?
A
Create a sub-domain named internal.terramearth.com. Add the new DNS entry (myglobalapp.internal.terramearth.com) to the sub-domain pointing to the internal IP address from the application VM.
B
Configure a query logic script inside Cloud DNS to check the source IP address from the VPC, and respond with a modified DNS record to include the internal IP address from the application VM.
C
Configure a private zone for the application record (myglobalapp.terramearth.com) and point to the internal IP address of the application VM. Bind this zone to the VPC.
D
Promote the ephemeral IP address from the application VM to static, add this static IP address to each internal client's host file, and change the myglobalapp.terramearth.com DNS record to this new static IP address.
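Option C expressed as gcloud commands, as an added example that is not part of the original question or of Google's documentation. The zone name, VPC name and internal IP are hypothetical values; the script prints the commands by default and runs them only with DRY_RUN=0.

```shell
#!/usr/bin/env bash
# Added example: split-view (split-horizon) DNS for option C.
# Assumed/hypothetical values: zone name, VPC name and internal IP.
ZONE="myglobalapp-private"            # hypothetical managed-zone name
DNS_NAME="myglobalapp.terramearth.com."
VPC="payments-vpc"                    # hypothetical VPC network name
INTERNAL_IP="10.128.0.10"             # constructed internal IP of the app VM

# Print commands by default; set DRY_RUN=0 to execute them with gcloud.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_private_zone() {
  # Scope the zone to the single host name, not terramearth.com: a private
  # zone answers authoritatively for its whole DNS name, so a zone for the
  # parent domain would hide every public record missing from it.
  run gcloud dns managed-zones create "$ZONE" \
    --dns-name="$DNS_NAME" \
    --description="Private view of myglobalapp for VPC clients" \
    --visibility=private \
    --networks="$VPC"
}

create_internal_record() {
  # A record at the zone apex pointing at the internal address.
  run gcloud dns record-sets create "$DNS_NAME" \
    --zone="$ZONE" --type=A --ttl=300 --rrdatas="$INTERNAL_IP"
}

verify_zone() {
  # Confirm visibility and the bound network after creation.
  run gcloud dns managed-zones describe "$ZONE" \
    --format="yaml(visibility,privateVisibilityConfig.networks)"
}

create_private_zone
create_internal_record
verify_zone
```

The existing public zone is left untouched, so external clients keep resolving the public IP while VMs in the bound VPC receive the internal address.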