PROFESSIONAL-CLOUD-NETWORK-ENGINEER Question #250: Real Exam Question with Answer & Explanation

Question

Your organization, TerramEarth, is launching a global application to manage credit card payments. There are some client VMs inside the same VPC as the application that need to access this application privately. Due to compliance requirements, the internal clients cannot use the global external IP address of the application. Currently, Cloud DNS only resolves myglobalapp.terramearth.com to the public IP address with a public zone. The clients will need to reach myglobalapp.example.com, without using its external IP address. You need to configure Cloud DNS to follow this requirement while following Google-recommended practices. What should you do?

Options

• ACreate a sub-domain named internal.terramearth.com. Add the new DNS entry
• BConfigure a query logic script inside Cloud DNS to check the source IP address from the VPC,
• CConfigure a private zone for the application record (myglobalapp.terramearth.com) and point to
• DPromote the ephemeral IP address from the application VM to static, add this static ip address to

Explanation

To meet the compliance requirement of using private connectivity for internal clients while adhering to Google-recommended practices: - Create a private DNS zone in Cloud DNS for myglobalapp.terramearth.com and define an A record that resolves to the internal IP address of the application VM. - Bind the private zone to the VPC where the internal clients and the application reside. This ensures that DNS queries from VMs in the VPC resolve myglobalapp.terramearth.com to the private IP address instead of the public IP address. - With this setup, internal clients can access the application privately using its domain name while the public zone remains untouched for external users.

No community discussion yet for this question.