Google Cloud Professional Cloud Network Engineer — Question 10

Your organization is deploying a single project for 3 separate departments. Two of these departments require network connectivity between each other, but the third department should remain in isolation. Your design should create separate network administrative domains between these departments. You want to minimize operational overhead.
How should you design the topology?

Answer options

• A. Create a Shared VPC Host Project and the respective Service Projects for each of the 3 separate departments.
• B. Create 3 separate VPCs, and use Cloud VPN to establish connectivity between the two appropriate VPCs.
• C. Create 3 separate VPCs, and use VPC peering to establish connectivity between the two appropriate VPCs.
• D. Create a single project, and deploy specific firewall rules. Use network tags to isolate access between the departments.

Correct answer: C

Explanation

Option C is correct because VPC peering allows for direct communication between the two necessary VPCs while keeping the third department isolated, thus creating distinct administrative domains. Option A does not provide the required isolation for the third department. Option B introduces unnecessary complexity with Cloud VPN, and Option D lacks the necessary separation of administrative domains, as it relies on firewall rules rather than distinct VPCs.