Section 1: Designing, planning, and prototyping a Google Cloud network (~26% of the exam)
1.1 Designing an overall network architecture. Considerations include:
● High availability, failover, and disaster recovery strategies
● DNS strategy (e.g., on-premises, Cloud DNS)
● Security and data exfiltration requirements
● Load balancing
● Applying quotas per project and per VPC
● Hybrid connectivity (e.g., Google private access for hybrid connectivity)
● Container networking
● IAM roles
● SaaS, PaaS, and IaaS services
● Microsegmentation for security purposes (e.g., using metadata, tags, service accounts)
1.2 Designing Virtual Private Cloud (VPC) instances. Considerations include:
● IP address management and bring your own IP (BYOIP)
● Standalone vs. Shared VPC
● Multiple vs. single
● Regional vs. multi-regional
● VPC Network Peering
● Firewalls (e.g., service account-based, tag-based)
● Custom routes
● Using managed services (e.g., Cloud SQL, Memorystore)
● Third-party device insertion (NGFW) into VPC using multi-NIC and internal load balancer as a next hop or equal-cost multi-path (ECMP) routes
1.3 Designing a hybrid and multi-cloud network. Considerations include:
● Dedicated Interconnect vs. Partner Interconnect
● Multi-cloud connectivity
● Direct Peering
● IPsec VPN
● Failover and disaster recovery strategy
● Regional vs. global VPC routing mode
● Accessing multiple VPCs from on-premises locations (e.g., Shared VPC, multi-VPC peering topologies)
● Bandwidth and constraints provided by hybrid connectivity solutions
● Accessing Google Services/APIs privately from on-premises locations
● IP address management across on-premises locations and cloud
● DNS peering and forwarding
1.4 Designing an IP addressing plan for Google Kubernetes Engine. Considerations include:
● Public and private cluster nodes
● Control plane public vs. private endpoints
● Subnets and alias IPs
● RFC 1918, non-RFC 1918, and privately used public IP (PUPI) address options