Google Cloud Professional Cloud Security Engineer Practice Exam

Which connectivity option is suitable for ensuring that communication between different application tiers does not traverse the public internet?

• A. Direct Peering
• B. VPC peering
• C. Cloud VPN
• D. Shared VPC

The correct answer is: VPC peering

VPC peering is particularly effective for ensuring that communication between different application tiers does not traverse the public internet because it provides a private and direct connection between two Virtual Private Clouds (VPCs). This direct link allows resources in each VPC to communicate internally using private IP addresses, ensuring that the data remains within Google's network infrastructure and is not exposed to the public internet. The primary advantage of VPC peering is its simplicity and efficiency. It does not require any intermediate routers or firewalls, thus minimizing latency and reducing the complexity of your network topology. This also strengthens security, as private communication channels are less susceptible to interception or unauthorized access compared to public internet traffic. Direct Peering, on the other hand, facilitates a direct connection from your on-premises network to Google Cloud, but it doesn't facilitate communication between different VPCs. Cloud VPN creates a secure tunnel over the public internet but still ultimately relies on internet pathways, which does not meet the requirement of avoiding internet traversal. Shared VPC allows multiple projects to share the same VPC network for resources, but it does not specifically prevent data from crossing the public internet unless configured properly with private connectivity options. Therefore, VPC peering stands out as the solution that inherently ensures private and