Question-10:You are employed by a firm that has a cooperation with both VMWare and NetApp in regard to the provision of networking solutions. Both a development team and a networking team are available at your organization. On Compute Engine instances, the development team's apps run, and such applications may include sensitive data. In order to continue work on Compute Engine, the development team needs administrative rights. Your organization mandates that the networking team take responsibility for the management of all network resources. The team responsible for software development does not want the team responsible for networking to have access to the sensitive data that is stored on the instances. What is it that you ought to do?
A. 1. Create a project with a standalone VPC and assign the Network Admin role to the networking team. 2. Create a second project with a standalone VPC and assign the Compute Admin role to the development team. 3. Use Cloud VPN to join the two VPCs.
B. 1. Create a project with a standalone Virtual Private Cloud (VPC), assign the Network Admin role to the networking team, and assign the Compute Admin role to the development team.
C. 1. Create a project with a Shared VPC and assign the Network Admin role to the networking team. 2. Create a second project without a VPC, configure it as a Shared VPC service project, and assign the Compute Admin role to the development team.
D. 1. Create a project with a standalone VPC and assign the Network Admin role to the networking team. 2. Create a second project with a standalone VPC and assign the Compute Admin role to the development team. 3. Use VPC Peering to join the two VPCs.
Correct Answer
Get All 340 Questions and Answer for Google Professional Cloud Architect
: 3 Explanation: Regarding the same project and the same virtual private cloud (VPC), I was given the role of Network Admin for the networking team and the role of Compute Admin for the development team. Option-3. 1. Create a project that uses a Shared VPC and give the networking team the position of Network Administrator for that project. 2. Create a second project that does not include a VPC, configure it to function as a Shared VPC service project, and give the development team the Compute Admin role for that project. Option 3 is the most scalable solution because the development team will have multiple projects per app that they are developing, including projects for development, quality assurance, and production. Both a development team and a networking team are available at your organization. The division of roles is something that Google advises. Using shared VPC in a fashion that requires two projects to be completed by each team is not advised. Because the network team requires IAM to be given with that development project, the network team will not have access to the development team. In addition, the development project is able to share vpc using shared vpc. Only Option 3 makes use of a Shared VPC among the available choices. By definition, a Shared Virtual Private Cloud enables organization administrators to delegate administrative responsibilities to Service Project Administrators, such as the creation and management of instances, while still maintaining centralized control over network resources such as subnets, routes, and firewalls. Additional security precautions are typically a good idea for businesses that deal with compliance initiatives, sensitive data, or highly regulated data that is bound by compliance standards such as HIPAA or PCI-DSS. Isolating each of these environments within their own virtual private cloud (VPC) network is one strategy that can help improve security and make it simpler to demonstrate compliance. Shared VPC enables organization administrators to delegate administrative responsibilities to Service Project Admins, such as the creation and management of instances, while still maintaining centralized control over network resources such as subnets, routes, and firewalls. Examples of these responsibilities include: Only the power to build and administer instances that make use of the Shared VPC network is granted to Service Project Admins, who are also known as Developers.