Google Professional Cloud Network Engineer

Get started today

Ultimate access to all questions.

Explanation:

The requirement is to create separate network administrative domains for three departments within a single project, allowing two to communicate while isolating the third, with minimal operational overhead.

Option A (Shared VPC) is incorrect because Shared VPC centralizes network management in a host project, preventing departments from having separate administrative control over their networks.
Option B (Cloud VPN) involves setting up VPN tunnels, which introduces complexity compared to VPC peering, increasing operational overhead.
Option C (VPC peering) is optimal: creating three VPCs and peering the two that need connectivity ensures isolation for the third. VPC peering is simpler and more cost-effective than VPN. Administrative separation is achieved via IAM roles scoped to each VPC.
Option D (single VPC with firewall rules/tags) does not create separate administrative domains and risks misconfiguration, increasing overhead.

Thus, using VPC peering (C) meets the requirements by balancing simplicity, isolation, and administrative separation.

Explanation:

Option A (Shared VPC) is incorrect because Shared VPC centralizes network management in a host project, preventing departments from having separate administrative control over their networks.
Option B (Cloud VPN) involves setting up VPN tunnels, which introduces complexity compared to VPC peering, increasing operational overhead.
Option C (VPC peering) is optimal: creating three VPCs and peering the two that need connectivity ensures isolation for the third. VPC peering is simpler and more cost-effective than VPN. Administrative separation is achieved via IAM roles scoped to each VPC.
Option D (single VPC with firewall rules/tags) does not create separate administrative domains and risks misconfiguration, increasing overhead.

Thus, using VPC peering (C) meets the requirements by balancing simplicity, isolation, and administrative separation.

Comments (0)

No comments yet.

Your organization is deploying a single Google Cloud project for three distinct departments. Two departments need network connectivity between each other, while the third must remain isolated. The design should establish separate network administrative domains while minimizing operational overhead.

How would you architect the network topology to meet these requirements?

Exam-Like

Last updated: May 23, 2026 at 14:02

Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.

10.0%

Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.

0.0%

Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.

90.0%

Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.