Google Cloud Professional Cloud Architect — Question 247
Your company and one of its partners each have a Google Cloud project in separate organizations. Your company's project (prj-a) runs in Virtual Private Cloud (vpc-a). The partner's project (prj-b) runs in vpc-b. There are two instances running on vpc-a and one instance running on vpc-b. Subnets defined in both VPCs are not overlapping. You need to ensure that all instances communicate with each other via internal IPs, minimizing latency and maximizing throughput. What should you do?
Answer options
- A. Set up a network peering between vpc-a and vpc-b.
- B. Set up a VPN between vpc-a and vpc-b using Cloud VPN.
- C. Configure IAP TCP forwarding on the instance in vpc-b, and then launch the following gcloud command from one of the instances in vpc-a: gcloud compute start-iap-tunnel INSTANCE_NAME_IN_VPC_8 22 --local-host-port=localhost:22
- D. 1. Create an additional instance in vpc-a. 2. Create an additional instance in vpc-b. 3. Install OpenVPN in newly created instances. 4. Configure a VPN tunnel between vpc-a and vpc-b with the help of OpenVPN.
Correct answer: A
Explanation
The correct answer is A because setting up network peering allows instances in different VPCs to communicate directly over internal IPs, which optimizes latency and throughput. Option B introduces a VPN, which may add unnecessary overhead compared to peering. Option C uses IAP TCP forwarding, which is not as efficient for direct communication. Option D involves creating additional instances and configuring OpenVPN, which is more complex and not needed when simpler solutions like peering exist.