Hard · 1 mark · Multiple Choice
Subtask 1.3: Network/Storage/Compute · Shared VPC · Networking · Enterprise Architecture · Security

GCP PCA · Question 22 · Network/Storage/Compute

An enterprise organization has 50 different departments, each requiring their own GCP project for billing and resource isolation. However, the central security team mandates that all network traffic must route through a central firewall appliance, and departments must not manage their own external IP addresses. Which network architecture should you implement?

Answer options:

A.

Create a separate VPC in each of the 50 projects and use VPC Network Peering to connect them to a central security project.

B.

Create a Shared VPC in a central host project, attach the 50 department projects as service projects, and manage all subnets and firewalls in the host project.

C.

Deploy Cloud VPN tunnels between all 50 projects to create a hub-and-spoke topology.

D.

Put all resources for all 50 departments into a single GCP project to simplify network management.

How to approach this question

Look for the GCP feature that allows centralized network management across multiple isolated projects.

Full Answer

B. Create a Shared VPC in a central host project, attach the 50 department projects as service projects, and manage all subnets and firewalls in the host project. ✓ Correct
Shared VPC is the standard enterprise pattern in Google Cloud for centralized network administration. A central networking team defines the VPC, its subnets, routes and firewall rules in a single host project. Department projects are attached as service projects and deploy resources (such as VMs) into the host project's subnets, so each department keeps its own project for billing and IAM while the network itself is owned and secured centrally. Two details make the architecture actually satisfy the mandate rather than merely enable it: the requirement to route all traffic through a central firewall appliance is met with custom routes in the host project that send traffic to the appliance (for example a 0.0.0.0/0 route whose next hop is an internal load balancer in front of the appliance VMs, at a higher priority than the auto-created default internet route), and the requirement that departments not manage their own external IPs is enforced by granting service projects only the roles/compute.networkUser role on their subnets and applying the organization policy constraint constraints/compute.vmExternalIpAccess, since Shared VPC on its own does not stop a service-project user from attaching an ephemeral external IP to a VM.
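The following Terraform is an added example of the option B layout and is not part of the original question page or of any Google sample. It shows the host project, per-department subnets, service-project attachment, subnet-level IAM, a host-project firewall rule, the routes that steer traffic through the central appliance, and the organization policy that blocks department-managed external IPs. The project IDs, CIDRs, IAM groups, region and the forwarding rule of the firewall appliance's internal load balancer are all assumptions; only two of the 50 departments are listed.

```hcl
# Added example, not from the original page. Project IDs, CIDRs, groups and
# the appliance ILB forwarding rule below are assumed values.

variable "host_project_id" {
  default = "net-host-prod" # assumed central host project
}

variable "departments" {
  # department => { service project, its subnet CIDR, its admin group }
  # Two shown here; the real deployment lists all 50.
  default = {
    finance = { project = "dept-finance", cidr = "10.10.0.0/20",  group = "finance-devs@example.com" }
    hr      = { project = "dept-hr",      cidr = "10.10.16.0/20", group = "hr-devs@example.com" }
  }
}

variable "fw_ilb_forwarding_rule" {
  # assumed: an existing internal passthrough load balancer fronting the
  # firewall appliance VMs (tagged "fw-appliance") in the host project
  default = "projects/net-host-prod/regions/us-central1/forwardingRules/fw-ilb"
}

# 1. The host project owns the one shared network.
resource "google_compute_shared_vpc_host_project" "host" {
  project = var.host_project_id
}

resource "google_compute_network" "shared" {
  project                 = var.host_project_id
  name                    = "shared-vpc"
  auto_create_subnetworks = false
}

# 2. One subnet per department, all defined centrally.
resource "google_compute_subnetwork" "dept" {
  for_each                 = var.departments
  project                  = var.host_project_id
  name                     = "sn-${each.key}"
  region                   = "us-central1"
  network                  = google_compute_network.shared.id
  ip_cidr_range            = each.value.cidr
  private_ip_google_access = true # Google APIs reachable without external IPs
}

# 3. Each department project becomes a service project of the host.
resource "google_compute_shared_vpc_service_project" "svc" {
  for_each        = var.departments
  host_project    = google_compute_shared_vpc_host_project.host.project
  service_project = each.value.project
}

# 4. Least privilege: a department may use only its own subnet.
resource "google_compute_subnetwork_iam_member" "dept_user" {
  for_each   = var.departments
  project    = var.host_project_id
  region     = google_compute_subnetwork.dept[each.key].region
  subnetwork = google_compute_subnetwork.dept[each.key].name
  role       = "roles/compute.networkUser"
  member     = "group:${each.value.group}"
}

# 5. Firewall rules exist only in the host project. Department subnets and
#    the load balancer health-check ranges may reach the appliance VMs.
resource "google_compute_firewall" "allow_to_fw_appliance" {
  project       = var.host_project_id
  name          = "allow-dept-to-fw-appliance"
  network       = google_compute_network.shared.name
  direction     = "INGRESS"
  source_ranges = ["10.10.0.0/16", "35.191.0.0/16", "130.211.0.0/22"]
  target_tags   = ["fw-appliance"]
  allow {
    protocol = "all"
  }
}

# 6. Force all default-route traffic through the appliance: priority 900
#    beats the auto-created default-internet-gateway route (priority 1000).
resource "google_compute_route" "default_via_fw" {
  project      = var.host_project_id
  name         = "default-via-fw-appliance"
  network      = google_compute_network.shared.name
  dest_range   = "0.0.0.0/0"
  priority     = 900
  next_hop_ilb = var.fw_ilb_forwarding_rule
}

#    The appliance VMs themselves need a way out, otherwise the route above
#    loops their own egress back to the ILB. A tag-scoped route wins for them.
resource "google_compute_route" "appliance_egress" {
  project          = var.host_project_id
  name             = "fw-appliance-to-internet"
  network          = google_compute_network.shared.name
  dest_range       = "0.0.0.0/0"
  priority         = 800
  tags             = ["fw-appliance"]
  next_hop_gateway = "default-internet-gateway"
}

# 7. Departments cannot put external IPs on their VMs at all.
resource "google_project_organization_policy" "no_external_ip" {
  for_each   = var.departments
  project    = each.value.project
  constraint = "compute.vmExternalIpAccess"
  list_policy {
    deny {
      all = true
    }
  }
}
```

In practice the external-IP constraint is set once on the folder that holds the 50 service projects rather than per project, and the appliance subnet (with the appliance VMs' own external IPs or Cloud NAT) is the only place in the host project where internet-facing addresses exist. Verify the result by creating a VM in a service project with an external IP: the org policy should reject it, and `gcloud compute routes list --project net-host-prod` should show the 0.0.0.0/0 route to the ILB ahead of the default internet route.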

Common mistakes

Choosing VPC Peering (Option A). Peering connects networks, but each of the 50 VPCs would still own its own subnets, firewall rules and external IPs, so nothing is centralized, and because peering is not transitive, traffic cannot be forced through a central security VPC in a hub-and-spoke model. Option C has the same problem at higher cost and complexity (50 VPCs plus VPN tunnels), and Option D discards the per-department billing and resource isolation the question requires.

Practice the full GCP Professional Cloud Architect Practice Exam 7
