
Answer-first summary for fast verification
Answer: Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.
The requirement is to create separate network administrative domains for three departments within a single project, allowing two to communicate while isolating the third, with minimal operational overhead.

- **Option A** (Shared VPC) is incorrect because Shared VPC centralizes network management in a host project, preventing departments from having separate administrative control over their networks.
- **Option B** (Cloud VPN) involves setting up VPN tunnels, which introduces complexity compared to VPC peering, increasing operational overhead.
- **Option C** (VPC peering) is optimal: creating three VPCs and peering the two that need connectivity ensures isolation for the third. VPC peering is simpler and more cost-effective than VPN. Administrative separation is achieved via IAM roles scoped to each VPC.
- **Option D** (single VPC with firewall rules/tags) does not create separate administrative domains and risks misconfiguration, increasing overhead.

Thus, using VPC peering (C) meets the requirements by balancing simplicity, isolation, and administrative separation.
Author: LeetQuiz Editorial Team
Your organization is deploying a single Google Cloud project for three distinct departments. Two departments need network connectivity between each other, while the third must remain isolated. The design should establish separate network administrative domains while minimizing operational overhead.
How would you architect the network topology to meet these requirements?
A. Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.
B. Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.
C. Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.
D. Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.