Google Cloud Professional Cloud Security Engineer — Question 36
Your team needs to configure their Google Cloud Platform (GCP) environment so they can centralize the control over networking resources like firewall rules, subnets, and routes. They also have an on-premises environment where resources need access back to the GCP resources through a private VPN connection.
The networking resources will need to be controlled by the network security team.
Which type of networking design should your team use to meet these requirements?
Answer options
- A. Shared VPC Network with a host project and service projects
- B. Grant Compute Admin role to the networking team for each engineering project
- C. VPC peering between all engineering projects using a hub and spoke model
- D. Cloud VPN Gateway between all engineering projects using a hub and spoke model
Correct answer: A
Explanation
Answer A is correct because a Shared VPC allows networking resources to be managed centrally in a host project while service projects are given access to that shared network. Option B does not provide the centralized control needed, while options C and D address inter-project connectivity rather than centralized management and control.