Google Cloud Professional Cloud Network Engineer — Question 198
Your organization is using a Shared VPC model. Service project owners want to independently manage their DNS zones in service projects. All service project workloads must be able to resolve all private zones that are defined in other service projects. You need to create a solution that meets these goals. What should you do?
Answer options
- A. Create a Cloud DNS private zone in each service project. Use a Cloud DNS forwarding zone to forward queries to the Shared VPC in the host project.
- B. Create a Cloud DNS private zone in each service project. Use Cloud DNS peering zones that target the Shared VPC in the host project.
- C. Create a Cloud DNS response policy zone in each service project. Use Cloud DNS peering zones that target the Shared VPC in the host project.
- D. Create a Cloud DNS private zone in each service project. Use cross-project binding to associate the zones to the Shared VPC in the host project.
Correct answer: D
Explanation
The correct answer is D because cross-project binding lets each service project keep ownership of its own private zone while associating that zone with the Shared VPC network in the host project, so workloads on the Shared VPC can resolve private zones defined in any service project. Option A incorrectly suggests using a forwarding zone, which does not facilitate the necessary cross-project DNS resolution. Options B and C do not provide the cross-project binding required to meet the goal of independently managed zones that every service project workload can resolve.