
Answer-first summary for fast verification
Answer: 1. Utilize a single VPC with two subnets: one for the DMZ and one for LAN. 2. Manage traffic between LAN and DMZ with firewall rules, and establish rules to permit public ingress traffic for the DMZ.
Option A is correct because it logically separates the DMZ and LAN into two subnets within a single VPC, allowing for controlled traffic between them via firewall rules. It also correctly specifies allowing public ingress traffic for the DMZ, which is essential for public server accessibility.

Option B is incorrect as it suggests allowing public egress traffic for the DMZ, which does not meet the requirement for public server accessibility. Option C is incorrect for the same reason as B, plus it unnecessarily complicates the setup by proposing two separate VPCs. Option D, while correctly suggesting the allowance of public ingress traffic, incorrectly proposes two separate VPCs, adding unnecessary complexity.

For further reading, consider these resources:
- [Understanding DMZ on Google Cloud](https://medium.com/google-cloud/a-dmz-what-is-that-acc3b21b9653)
- [Google Cloud VPC Documentation](https://cloud.google.com/vpc/docs/vpc#:~:text=Subnets%20are%20regional%20resources.,or%20arrives%20at%20a%20VM.)
Author: LeetQuiz Editorial Team
As a senior cloud engineer at a leading medical institute, you're overseeing the migration of a legacy enterprise client's infrastructure to GCP Compute Engine. The setup includes medical servers accessible from the internet and others via the institute's internal intranet, all communicating over specific ports and protocols. The current network uses a DMZ for public servers and a LAN for private ones. How would you design the GCP networking to meet these requirements?
A
B
C
D