Google Cloud Professional Cloud Network Engineer — Question 133

You are designing a hybrid cloud environment. Your Google Cloud environment is interconnected with your on-premises network using HA VPN and Cloud Router in a central transit hub VPC. The Cloud Router is configured with the default settings. Your on-premises DNS server is located at 192.168.20.88. You need to ensure that your Compute Engine resources in multiple spoke VPCs can resolve on-premises private hostnames using the domain corp.altostrat.com while also resolving Google Cloud hostnames. You want to follow Google-recommended practices. What should you do?

Answer options

• A. 1. Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88. Associate the zone with the hub VPC. 2. Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke VPCs, with the hub VPC as the target. 3. Set a custom route advertisement on the Cloud Router for 35.199.192.0/19. 4. Configure VPC peering in the spoke VPCs to peer with the hub VPC.
• B. 1. Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88. 2. Associate the zone with the hub VPC. Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke PCs, with the hub VPC as the target. 3. Set a custom route advertisement on the Cloud Router for 35.199.192.0/19.
• C. 1. Create a private forwarding zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com that points to 192.168.20.88. Associate the zone with the hub VPC. 2. Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke VPCs, with the hub VPC as the target. 3. Set a custom route advertisement on the Cloud Router for 35.199.192.0/19. 4. Create a hub-and-spoke VPN deployment in each spoke VPC to connect back to the on-premises network directly.
• D. 1. Create a private forwarding zone in Cloud DNS for ‘corp altostrat.com’ called corp-altostrat-com that points to 192. 168.20.88. Associate the zone with the hub VPC. 2. Create a private peering zone in Cloud DNS for ‘corp.altostrat.com’ called corp-altostrat-com associated with the spoke VPCs, with the hub VPC as the target. 3. Sat a custom route advertisement on the Cloud Router for 35.199.192.0/19. 4. Create a hub and spoke VPN deployment in each spoke VPC to connect back to the hub VPC.

Correct answer: A

Explanation

The correct answer, A, provides the necessary steps to create a private forwarding zone and associate it with the hub VPC, allowing Compute Engine resources to resolve on-premises hostnames correctly. Other options either miss critical steps, such as creating the necessary peering zone or contain errors in configuration details, which would lead to failure in hostname resolution.