
Answer-first summary for fast verification
Answer: Shared VPC Network with a host project and service projects
The correct answer is A (Shared VPC Network with a host project and service projects) because it directly addresses the requirement for centralized control over networking resources (firewall rules, subnets, routes) by the network security team. Shared VPC allows management from a central host project while enabling secure communication across service projects using internal IPs. It also supports VPN connections for on-premises access, as confirmed by community comments citing Google's best practices for centralized network control.

Option B is inefficient and violates least privilege by granting broad Compute Admin roles. Option C (VPC peering) is decentralized and doesn't provide centralized management. Option D (Cloud VPN Gateway) focuses only on connectivity but lacks centralized control over core networking resources, making it insufficient for the primary requirement.
Author: LeetQuiz Editorial Team
Your team needs to configure a Google Cloud Platform (GCP) environment to centralize control over networking resources such as firewall rules, subnets, and routes. An on-premises environment also requires access to GCP resources via a private VPN connection. The network security team must manage these networking resources.
Which networking design should your team implement to meet these requirements?
A. Shared VPC Network with a host project and service projects
B. Grant Compute Admin role to the networking team for each engineering project
C. VPC peering between all engineering projects using a hub and spoke model
D. Cloud VPN Gateway between all engineering projects using a hub and spoke model