
Explanation:
The correct approach is a single Shared VPC in the Host Project, with specific subnets shared to the Service Projects. Google's recommended practice for controlled communication between departments (such as Production and Staging) inside a Shared VPC is to use firewall rules to restrict traffic between subnets. Options A and B are invalid because a single Host Project can host only one Shared VPC, so creating two Shared VPCs in the same Host Project is not allowed. Option C incorrectly places the Shared VPCs in Service Projects, which is not possible: Service Projects attach to a Host Project's Shared VPC. Option D correctly uses one VPC, shares individual subnets, and enforces communication controls between the specific networks with firewall rules, in line with Google's best practices.
How should you design a shared VPC architecture where the Production and Staging departments can communicate only via specific networks, while adhering to Google-recommended practices and maintaining strict route controls between departments?
A
Create 2 shared VPCs within the shared VPC Host Project, and enable VPC peering between them. Use firewall rules to filter access between the specific networks.
B
Create 2 shared VPCs within the shared VPC Host Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
C
Create 2 shared VPCs within the shared VPC Service Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
D
Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks.
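The design the explanation endorses (option D), written out as an added Terraform example that is not part of the original question or its source: one Shared VPC in the Host Project, one subnet per department shared at subnet level to that department's Service Project, and firewall rules that deny cross-department traffic by default and allow only one named flow. The project IDs, group principals, CIDR ranges, region, network tag and the allowed port are placeholders chosen for illustration.

```hcl
# Added example (not from the question source). All IDs, principals and
# ranges below are placeholders.

locals {
  host_project    = "net-host-project"         # placeholder
  prod_project    = "prod-service-project"     # placeholder
  staging_project = "staging-service-project"  # placeholder
  region          = "us-central1"              # placeholder
}

# The Host Project owns the network; each department's project attaches to it.
resource "google_compute_shared_vpc_host_project" "host" {
  project = local.host_project
}

resource "google_compute_shared_vpc_service_project" "prod" {
  host_project    = google_compute_shared_vpc_host_project.host.project
  service_project = local.prod_project
}

resource "google_compute_shared_vpc_service_project" "staging" {
  host_project    = google_compute_shared_vpc_host_project.host.project
  service_project = local.staging_project
}

# One VPC for both departments; custom mode so every subnet is deliberate.
resource "google_compute_network" "shared" {
  project                 = local.host_project
  name                    = "shared-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "prod" {
  project       = local.host_project
  name          = "prod-subnet"
  region        = local.region
  network       = google_compute_network.shared.id
  ip_cidr_range = "10.10.0.0/20"  # placeholder range
}

resource "google_compute_subnetwork" "staging" {
  project       = local.host_project
  name          = "staging-subnet"
  region        = local.region
  network       = google_compute_network.shared.id
  ip_cidr_range = "10.20.0.0/20"  # placeholder range
}

# Subnet-level sharing: each department may attach VMs only to its own subnet.
resource "google_compute_subnetwork_iam_member" "prod_user" {
  project    = local.host_project
  region     = local.region
  subnetwork = google_compute_subnetwork.prod.name
  role       = "roles/compute.networkUser"
  member     = "group:prod-engineers@example.com"     # placeholder principal
}

resource "google_compute_subnetwork_iam_member" "staging_user" {
  project    = local.host_project
  region     = local.region
  subnetwork = google_compute_subnetwork.staging.name
  role       = "roles/compute.networkUser"
  member     = "group:staging-engineers@example.com"  # placeholder principal
}

# Default posture between departments: deny, and log what was denied.
resource "google_compute_firewall" "deny_staging_to_prod" {
  project            = local.host_project
  name               = "deny-staging-to-prod"
  network            = google_compute_network.shared.name
  direction          = "INGRESS"
  priority           = 1000
  source_ranges      = [google_compute_subnetwork.staging.ip_cidr_range]
  destination_ranges = [google_compute_subnetwork.prod.ip_cidr_range]
  deny {
    protocol = "all"
  }
  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
}

# The one sanctioned flow: staging reaches tagged prod endpoints on TCP 443.
# Lower priority number wins, so 900 is evaluated before the 1000 deny.
resource "google_compute_firewall" "allow_staging_to_prod_https" {
  project       = local.host_project
  name          = "allow-staging-to-prod-https"
  network       = google_compute_network.shared.name
  direction     = "INGRESS"
  priority      = 900
  source_ranges = [google_compute_subnetwork.staging.ip_cidr_range]
  target_tags   = ["prod-api"]  # placeholder tag on the permitted prod VMs
  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
}
```

For symmetry, add the mirror pair (deny Production to Staging, with its own narrow allow) so that neither direction is open by default; the logged deny rule also gives you a detection signal, since any blocked cross-department attempt shows up in VPC firewall logs.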