Google Cloud Associate Cloud Engineer — Question 284

You are planning to migrate your on-premises VMs to Google Cloud. You need to set up a landing zone in Google Cloud before migrating the VMs. You must ensure that all VM in your production environment can communicate with each other through private IP addresses. You need to allow all VMs in your Google Cloud organization to accept connections on specific TCP ports. You want to follow Google-recommended practices, and you need to minimize your operational costs. What should you do?

Answer options

• A. Create individual VPCs per Google Cloud project. Peer all he VPC together. Apply organization policies on the organization level.
• B. Create individual VPCs for each Google Cloud project. Peer ail ne VPCs together. Apply hierarchical firewall policies on the organization level.
• C. Create a host VPC project with each production project as its service project. Apply organization policies on the organization level.
• D. Create a host VPC project with each production project as its service project. Apply hierarchical firewall policies on the organization level.

Correct answer: D

Explanation

The correct answer is D because creating a host VPC project with service projects allows for efficient management of network resources and hierarchical firewall policies facilitate better control over network access while minimizing costs. Options A and B involve creating multiple VPCs which complicate connectivity and management, while option C does not utilize hierarchical firewall policies, which are recommended for better security management.