In Google Cloud, which role must a project have to act as a Shared VPC host?
Think about which project controls the network resources.
The Shared VPC host project owns the network and requires the Network Admin role to manage it. Service projects use the network but do not own it.
Which statement best describes how a service project accesses resources in a Shared VPC?
Consider who controls the network and security policies.
Service projects use subnets from the host project's VPC network. Firewall rules are managed at the host project level, so service projects rely on those rules.
Which practice improves security when using Shared VPC across multiple service projects?
Think about minimizing permissions to reduce risk.
Granting least privilege using IAM roles limits access to only what is necessary, improving security. The Owner role grants too many permissions. Firewall rules are managed centrally. VPC Service Controls enhance security.
What happens to the VM instances in a service project when it is detached from the Shared VPC host project?
Consider what happens when the network is no longer attached.
When a service project is detached from the Shared VPC, its VM instances lose access to the host project's network and lose network connectivity immediately.
You manage a Shared VPC for multiple departments in your organization. Which design approach best isolates network traffic while using a single Shared VPC host project?
Think about network segmentation within a Shared VPC.
Creating separate subnets per department and applying firewall rules to restrict traffic is the best practice to isolate network traffic while using a single Shared VPC host project. Multiple host projects increase complexity.