Google Cloud Networking: Cross-Communication between Separate Projects - Exam PCNE Answer

Implementing Cross-Communication between Separate GCP Projects

Question

In your company, two departments with separate GCP projects (code-dev and data-dev) in the same organization need to allow full cross-communication between all of their virtual machines in GCP.

Each department has one VPC in its project and wants full control over their network.

Neither department intends to recreate its existing computing resources.

You want to implement a solution that minimizes cost.

Which two steps should you take? (Choose two.)

Answers

Explanations


C and E.

To enable full cross-communication between the virtual machines of two departments with separate GCP projects in the same organization, without recreating existing computing resources, the following two steps should be taken:

  1. Connect the VPCs in project code-dev and data-dev using VPC Network Peering
  2. Enable firewall rules to allow all ingress traffic from all subnets of project code-dev to all instances in project data-dev, and vice versa.

Here is a more detailed explanation of each step:

  1. Connect the VPCs in project code-dev and data-dev using VPC Network Peering:

VPC Network Peering connects two VPC networks, including networks in different projects of the same organization, over Google's internal network without a gateway or tunnel. Once both sides have created their half of the peering, subnet routes are exchanged automatically and VMs in the two projects reach each other by internal IP as if they were in one network. Two conditions apply: the subnet ranges of the two VPCs (primary and secondary) must not overlap, and peering is not transitive, so a third VPC peered with one of them gains no path to the other.

Each department keeps administering its own VPC, subnets, routes and firewall rules, which satisfies the requirement for full control, and no VM has to be recreated.

  2. Enable firewall rules to allow all ingress traffic from all subnets of project code-dev to all instances in project data-dev, and vice versa:

Peering provides the route but not the permission. Firewall rules are not exchanged across a peering, and each VPC's implied deny-all ingress rule blocks traffic from the peer's subnets until an allow rule exists. Each project therefore needs its own ingress rule whose source ranges are the other project's subnet ranges; a rule in only one project gives one-way connectivity at best.

Because the question asks for full cross-communication, the rule allows all protocols and ports from those ranges. Where the real requirement is narrower, the same rules should list only the protocols and ports the applications need, for example TCP 22 for administration or TCP 443 between specific instances selected by target tags or target service accounts.

With these two steps in place, the VMs of both departments can reach each other privately, without the gateway and tunnel charges of a VPN and with each department still administering its own VPC.

The other options do not fit the scenario. Cloud VPN adds gateway and tunnel charges and a bandwidth-limited encrypted path for traffic that never needs to leave Google's network. Shared VPC would require the VMs to be attached to subnets in a host project, which means recreating them, and would move network administration to the host project, so neither department keeps full control. A static route in code-dev pointing at data-dev's prefixes provides no connectivity on its own: peering already exchanges subnet routes between the two networks, and without peering there is no path for the route to use.
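The two steps above as an added worked example, not part of the original answer or of any Google tooling. It checks the precondition that peering silently depends on (no overlapping subnet ranges on either side), then builds the gcloud commands for both halves of the peering and the ingress rule in each project with the other project's ranges as source. The project IDs come from the question; the network names, subnet ranges, peering and rule names are assumptions, and the sample ranges are constructed. Nothing is executed unless run_plan() is called with apply=True.

```python
"""Peer the code-dev and data-dev VPCs and open bidirectional firewall rules.

Added example for the exam explanation. Project IDs come from the question;
network names, ranges and resource names are assumptions. By default the
script only prints the gcloud commands it would run.
"""
import ipaddress
import re
import shlex
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class Vpc:
    project: str
    network: str
    # Primary plus secondary subnet ranges. Peering is refused when any range
    # on one side overlaps any range on the other, so secondaries count too.
    ranges: tuple[str, ...]


def fetch_ranges(project: str, network: str) -> tuple[str, ...]:
    """Read the live subnet ranges with gcloud (network call, not used offline)."""
    out = subprocess.run(
        ["gcloud", "compute", "networks", "subnets", "list",
         f"--project={project}", f"--network={network}",
         "--format=value(ipCidrRange,secondaryIpRanges[].ipCidrRange)"],
        check=True, capture_output=True, text=True).stdout
    return tuple(r for r in re.split(r"[\s;,]+", out) if r)


def overlapping_ranges(a: Vpc, b: Vpc) -> list[tuple[str, str]]:
    """Pairs of CIDRs that overlap across the two VPCs; must be empty to peer."""
    hits = []
    for ra in a.ranges:
        for rb in b.ranges:
            na, nb = ipaddress.ip_network(ra), ipaddress.ip_network(rb)
            if na.version == nb.version and na.overlaps(nb):
                hits.append((ra, rb))
    return hits


def peering_cmd(local: Vpc, peer: Vpc) -> list[str]:
    """One side of the peering. Both sides must run this before the peering
    becomes ACTIVE and subnet routes are exchanged."""
    return ["gcloud", "compute", "networks", "peerings", "create",
            f"peer-{local.network}-to-{peer.network}",
            f"--project={local.project}", f"--network={local.network}",
            f"--peer-project={peer.project}", f"--peer-network={peer.network}"]


def firewall_cmd(local: Vpc, peer: Vpc) -> list[str]:
    """Allow all ingress from the peer's subnet ranges into the local VPC.

    Firewall rules are not exchanged over a peering and the implied deny-all
    ingress rule applies, so each project needs its own allow rule whose
    source ranges are the OTHER project's subnets."""
    return ["gcloud", "compute", "firewall-rules", "create",
            f"allow-from-{peer.project}",
            f"--project={local.project}", f"--network={local.network}",
            "--direction=INGRESS", "--action=ALLOW", "--rules=all",
            f"--source-ranges={','.join(peer.ranges)}"]


def plan(a: Vpc, b: Vpc) -> list[list[str]]:
    """Full, symmetric change set for the two projects."""
    clash = overlapping_ranges(a, b)
    if clash:
        raise ValueError(f"overlapping subnet ranges, peering would fail: {clash}")
    return [peering_cmd(a, b), peering_cmd(b, a),
            firewall_cmd(a, b), firewall_cmd(b, a)]


def run_plan(commands: list[list[str]], apply: bool = False) -> list[str]:
    """Print the shell-quoted commands; execute them only when apply=True."""
    rendered = [shlex.join(c) for c in commands]
    for line, cmd in zip(rendered, commands):
        print(line)
        if apply:
            subprocess.run(cmd, check=True)
    return rendered


# Constructed sample ranges; replace with fetch_ranges(project, network).
CODE_DEV = Vpc("code-dev", "code-vpc", ("10.10.0.0/16", "10.11.0.0/20"))
DATA_DEV = Vpc("data-dev", "data-vpc", ("10.20.0.0/16", "10.21.0.0/20"))

if __name__ == "__main__":
    run_plan(plan(CODE_DEV, DATA_DEV))
```

The overlap check runs before anything is created because Google rejects the peering when ranges collide, and the four commands are generated from one plan so that the peering and the allow rule are never left in only one of the two projects. To narrow the rules later, replace `--rules=all` with the protocols and ports actually needed and add `--target-tags` or `--target-service-accounts` on the firewall rule.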