Google Cloud Associate Cloud Engineer — Question 166

Your company is moving its entire workload to Compute Engine. Some servers should be accessible through the Internet, and other servers should only be accessible over the internal network. All servers need to be able to talk to each other over specific ports and protocols. The current on-premises network relies on a demilitarized zone (DMZ) for the public servers and a Local Area Network (LAN) for the private servers. You need to design the networking infrastructure on Google Cloud to match these requirements. What should you do?

Answer options

Correct answer: A

Explanation

The correct answer is A because it correctly identifies the need for a single VPC to simplify management while allowing both DMZ and LAN subnets to interact. Option B incorrectly states that public egress traffic is needed, which is not aligned with the requirement for public ingress traffic for the DMZ. Options C and D suggest creating separate VPCs, which complicates the networking setup unnecessarily and does not fulfill the requirement for inter-server communication over relevant ports and protocols.