Domain 2: Managing and Provisioning a Solution Infrastructure — GCP PCA Practice Question 24

How to approach this question

Understand the Shared VPC model: Networks live in the Host project, compute lives in the Service project. Users need 'User' access to the network.

Full Answer

B.Compute Network User role on the specific subnet in the Host Project.✓ Correct

In a Shared VPC, the network resources reside in the Host Project. To allow a developer in a Service Project to attach a VM to that network, the Shared VPC Admin must grant the developer the `roles/compute.networkUser` role. Best practice is to grant this on the specific subnet they need, rather than the entire Host Project.

Common mistakes

Granting roles on the Service Project (C). The network doesn't exist in the Service Project.

Your organization uses a Shared VPC architecture. Project A is the Host Project. Project B and Project C are Service Projects. A developer in Project B needs to create a Compute Engine instance attached to a subnet in the Shared VPC. Which IAM role must the developer be granted, and where?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Professional Cloud Architect Practice Exam 4

More questions from this exam