
Answer-first summary for fast verification
Answer: Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks.
The correct approach is to use a single Shared VPC in the Host Project and share specific subnets with Service Projects. Google's recommended practice for controlled communication between departments (like Production and Staging) within a Shared VPC involves using firewall rules to restrict traffic between subnets. Options A and B are invalid because a single Host Project can only host one Shared VPC, and creating two Shared VPCs in the same Host Project is not allowed. Option C incorrectly suggests creating Shared VPCs in Service Projects, which is not possible as Service Projects attach to a Host Project's Shared VPC. Option D correctly uses a single VPC with subnet sharing and firewall rules to enforce communication controls between specific networks, aligning with Google's best practices.
Author: LeetQuiz Editorial Team
How should you design a shared VPC architecture where the Production and Staging departments can communicate only via specific networks, while adhering to Google-recommended practices and maintaining strict route controls between departments?
A. Create 2 shared VPCs within the shared VPC Host Project, and enable VPC peering between them. Use firewall rules to filter access between the specific networks.
B. Create 2 shared VPCs within the shared VPC Host Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
C. Create 2 shared VPCs within the shared VPC Service Project, and create a Cloud VPN/Cloud Router between them. Use Flexible Route Advertisement (FRA) to filter access between the specific networks.
D. Create 1 VPC within the shared VPC Host Project, and share individual subnets with the Service Projects to filter access between the specific networks.