GCP Professional Cloud Architect Practice Question
Your company operates three Google Cloud projects: app-prod, analytics-prod, and shared-svcs. Each project contains an auto-mode VPC with non-overlapping RFC 1918 CIDR ranges. Compute instances in app-prod and analytics-prod must privately consume internal APIs that run in shared-svcs over Google's private backbone. For regulatory compliance, the two business units must remain strictly isolated-traffic from app-prod must never reach analytics-prod and vice-versa. The network team also wants a low-latency solution that avoids additional network appliances and ongoing operational effort. Which connectivity design best meets these requirements?
Set up a Network Connectivity Center hub in shared-svcs and connect app-prod and analytics-prod as spokes using Dedicated Interconnect VLAN attachments.
Deploy HA Cloud VPN gateways in each project and build IPsec tunnels from app-prod and analytics-prod to shared-svcs, exchanging routes with Cloud Router.
Create two independent VPC Network Peerings: one between shared-svcs and app-prod, and another between shared-svcs and analytics-prod.
Convert shared-svcs into a host Shared VPC and attach app-prod and analytics-prod as service projects.
Creating two separate VPC Network Peering connections-one between shared-svcs and app-prod, and another between shared-svcs and analytics-prod-provides private, low-latency connectivity over Google's internal backbone without any gateways or appliances to manage. Because VPC Network Peering is non-transitive, routes learned over one peering are not propagated to another, so the two spoke VPCs (app-prod and analytics-prod) cannot communicate with each other, maintaining the strict isolation requirement. Peering involves no per-connection charge and uses standard intra-project egress pricing, so it generally costs less and has lower latency than HA VPN, and it is far simpler than deploying Network Connectivity Center with Dedicated Interconnect. Shared VPC would place all resources in a single VPC, making cross-project traffic inherently reachable unless carefully restricted with additional firewall rules, which adds operational complexity.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is VPC Network Peering in Google Cloud?
Open an interactive chat with Bash
How does non-transitive routing in VPC Network Peering work?
Open an interactive chat with Bash
What are the advantages of using Google's private backbone for connectivity?
Open an interactive chat with Bash
What is VPC Network Peering in Google Cloud?
Open an interactive chat with Bash
Why is VPC Network Peering non-transitive, and how does that help isolate traffic?
Open an interactive chat with Bash
How does VPC Network Peering achieve low-latency connectivity?
Open an interactive chat with Bash
GCP Professional Cloud Architect
Managing and provisioning a solution infrastructure
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .