Q: 13
You are designing a hybrid cloud environment for your organization. Your Google Cloud environment
is interconnected with your on-premises network using Cloud HA VPN and Cloud Router. The Cloud
Router is configured with the default settings. Your on-premises DNS server is located at
192.168.20.88 and is protected by a firewall, and your Compute Engine resources are located at
10.204.0.0/24. Your Compute Engine resources need to resolve on-premises private hostnames using
the domain corp.altostrat.com while still resolving Google Cloud hostnames. You want to follow
Google-recommended practices. What should you do?
Options
Discussion
Option D is the way to go. Had something like this in a mock and Google recommends using DNS Server Policies for hybrid environments, not just private zones or forwarding. The 35.199.192.0/19 range is used by Cloud DNS forwarding proxies, so the firewall rule has to allow that, not just your instance subnet. Pretty sure this lines up with real-world GCP setups but let me know if you disagree.
D imo. A is tempting but misses the point about DNS server policies, which is the Google-recommended way for hybrid setups like this. Option D also uses the right source IP range for DNS traffic. Open to pushback.
Why not just use a private forwarding zone alone here? Isn't the DNS Server Policy (D) needed for this kind of hybrid forwarding? The other options seem to miss that piece.
Pretty sure A makes sense here.
B. I remember some docs mentioning 35.199.192.0/19 for DNS but not sure if it's always required.
Probably D, practice exams and GCP docs both mention using DNS Server Policies plus letting traffic through from 35.199.192.0/19 for private DNS forwarding. Seen similar setups recommended in the official guide.
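Added example, not from the question or any of the replies above: the gcloud steps for the private forwarding zone setup the thread keeps circling, plus the return-path piece that a Cloud Router left on default settings does not give you. A forwarding zone scoped to corp.altostrat.com sends only that domain to 192.168.20.88 and leaves every other name with Cloud DNS, which is what "still resolving Google Cloud hostnames" requires. Forwarded queries leave the VPC with a source address in 35.199.192.0/19 (the Cloud DNS forwarding proxy range), not in 10.204.0.0/24, so the on-prem firewall must allow that range and on-prem needs a route back to it through the VPN, which is why the router is told to advertise it. The VPC, router and region names are assumed placeholders; the on-prem DNS address and the proxy range come from the question and the thread. Commands are printed by default and only executed with APPLY=1.

```shell
#!/usr/bin/env bash
# Added example (not the thread's own commands). Placeholders marked "assumed".
set -eu

ZONE_NAME="corp-altostrat"
DNS_NAME="corp.altostrat.com."                 # trailing dot: fully qualified
ONPREM_DNS="192.168.20.88"                     # on-prem DNS server, from the question
DNS_PROXY_RANGE="35.199.192.0/19"              # Cloud DNS forwarding proxy source range
VPC_NETWORK="${VPC_NETWORK:-prod-vpc}"         # assumed VPC name
CLOUD_ROUTER="${CLOUD_ROUTER:-ha-vpn-router}"  # assumed Cloud Router name
REGION="${REGION:-us-central1}"                # assumed region

# run: print the command for review (shell quoting is not preserved in the
# printout); execute it only when APPLY=1 so the script is safe to dry-run.
run() {
  printf '%s ' "$@"; printf '\n'
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# 1. Private forwarding zone for corp.altostrat.com only. Names outside this
#    zone (instance internal DNS, other private zones, public names) are still
#    answered by Cloud DNS. 192.168.20.88 is RFC 1918, so Cloud DNS routes the
#    forwarded queries through the VPC and out over the HA VPN tunnels.
create_forwarding_zone() {
  run gcloud dns managed-zones create "$ZONE_NAME" \
    --description="Forward corp.altostrat.com to on-prem DNS" \
    --dns-name="$DNS_NAME" \
    --visibility=private \
    --networks="$VPC_NETWORK" \
    --forwarding-targets="$ONPREM_DNS"
}

# 2. Return path. Queries reach on-prem from 35.199.192.0/19, but a default
#    Cloud Router advertises only subnet ranges (10.204.0.0/24 here), so the
#    on-prem side has no route for the replies. Switch to custom advertisement,
#    keep all subnets, and add the proxy range.
advertise_dns_proxy_range() {
  run gcloud compute routers update "$CLOUD_ROUTER" \
    --region="$REGION" \
    --advertisement-mode=CUSTOM \
    --set-advertisement-groups=ALL_SUBNETS \
    --set-advertisement-ranges="$DNS_PROXY_RANGE"
}

# 3. The on-prem firewall is outside gcloud; state what it has to permit so the
#    rule is not written for the instance subnet by mistake.
onprem_firewall_requirement() {
  printf 'Allow UDP and TCP 53 to %s from %s (the instance range 10.204.0.0/24 is not the source)\n' \
    "$ONPREM_DNS" "$DNS_PROXY_RANGE"
}

create_forwarding_zone
advertise_dns_proxy_range
onprem_firewall_requirement
```

Run it once without APPLY to review the three steps, then with APPLY=1 and the real VPC, router and region names. If the forwarding zone is created but on-prem lookups time out, the usual causes are the firewall rule written for 10.204.0.0/24 instead of 35.199.192.0/19, or the missing custom advertisement on the Cloud Router.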