Google Cloud Professional Cloud Network Engineer — Question 166
Your company recently migrated to Google Cloud. You configured separate Virtual Private Cloud (VPC) networks for Department A and Department B. You need to configure both VPC networks to have access to the same on-premises location through separate links with full isolation between the VPC networks. Your design must also query on-premises DNS servers from workloads in Google Cloud using conditional forwarding. You want to minimize operational overhead. What should you do?
Answer options
- A. Customize the operating system DNS configuration files to target the on-premises DNS servers.
- B. Keep the different VPC networks from both departments isolated with different on-premises links, and separate Cloud DNS private zones and Cloud DNS forwarding zones.
- C. Peer Department A's and Department B's VPC networks to have all on-premises connectivity via a single VPC network. Use separate Cloud DNS private zones and Cloud DNS forwarding zones.
- D. Configure a Cloud DNS Peering zone in Department A's VPC network pointing to Department B's VPC and a Cloud DNS outbound forwarding zone in Department B's VPC network. Use separate on-premises links in each VPC network.
Correct answer: D
Explanation
The correct answer is D because it preserves the required isolation between the two VPC networks while enabling conditional DNS forwarding to the on-premises servers. Option A does not provide the necessary isolation, while option B unnecessarily complicates the setup with multiple zones. Option C defeats the purpose of isolation by peering the two networks together, which conflicts with the requirement.