ASSOCIATE-CLOUD-ENGINEER Question #375: Real Exam Question with Answer & Explanation

Question

You are planning to migrate your on-premises VMs to Google Cloud. You need to set up a landing zone in Google Cloud before migrating the VMs. You must ensure that all VMs in your production environment can communicate with each other through private IP addresses. You need to allow all VMs in your Google Cloud organization to accept connections on specific TCP ports. You want to follow Google-recommended practices, and you need to minimize your operational costs. What should you do?

Options

• ACreate individual VPCs per Google Cloud project. Peer all the VPCs together. Apply organization
• BCreate individual VPCs for each Google Cloud project. Peer all the VPCs together. Apply
• CCreate a host VPC project with each production project as its service project. Apply organization
• DCreate a host VPC project with each production project as its service project. Apply hierarchical

Explanation

Shared VPC (host and service projects) is the Google-recommended practice for enabling centralized network management while allowing production workloads to run in separate projects. It enables VMs to communicate via private IPs across projects. Hierarchical firewall policies allow you to define and enforce organization-wide security rules (like allowing specific TCP ports) at the organization or folder level, minimizing repetitive configuration and improving security posture. This architecture is cost-effective and supports scalable, secure, and centralized operations.

No community discussion yet for this question.