
Explanation:
Option D is the correct choice because it satisfies both requirements. Separate VPCs for the development and production environments give complete network isolation, with no traffic between them, and a dedicated entry point VPC that peers with each environment VPC provides the single, centralized entry from on-premises. Because VPC Network Peering is not transitive, development and production can each reach the entry point VPC but never each other, so there is no direct or indirect path between the environments while the required centralized access is preserved. Option A fails because peering the environment VPCs directly creates a network path between them and relies on firewall rules alone to block it, which does not meet the "no traffic permitted" requirement. Option B uses a single shared VPC with one subnet per environment; subnets within the same VPC share a routing domain and can communicate unless firewall rules prevent it, so this is not complete isolation. Option C uses VPC Service Controls, which protects access to Google-managed service APIs and data rather than providing network-level isolation, and it does not address the centralized entry point requirement.
You are designing a secure network architecture that requires complete isolation between development and production environments, with no network traffic permitted between them. The network team has mandated a single, centralized entry point from the on-premises environment into the cloud network. What should you do?
A. Create one Virtual Private Cloud (VPC) network per environment. Add the on-premises entry point to the production VPC. Peer the VPCs with each other and create firewall rules to prevent traffic.
B. Create one shared Virtual Private Cloud (VPC) network and use it as the entry point to the cloud network. Create separate subnets per environment. Create firewall rules to prevent traffic.
C. Create one Virtual Private Cloud (VPC) network per environment. Create a VPC Service Controls perimeter per environment and add one environment VPC to each.
D. Create one Virtual Private Cloud (VPC) network per environment. Create one additional VPC for the entry point to the cloud network. Peer the entry point VPC with the environment VPCs.