An organization has multiple VPC networks and wants to allow traffic between them with fine-grained control over which VMs can communicate. Which solution should they implement?
VPC peering connects networks and firewall rules provide granular control.
Why this answer
VPC peering with firewall rules is the correct solution because it allows direct, private connectivity between two VPC networks while enabling fine-grained control over which specific VMs can communicate via firewall rules (ingress/egress). Unlike Shared VPC, which centralizes management but does not inherently provide per-VM granularity across separate VPCs, VPC peering combined with firewall rules allows you to restrict traffic based on source and destination tags, service accounts, or CIDR ranges. This meets the requirement for both inter-VPC traffic and granular VM-level control.
Exam trap
Google Cloud often tests the misconception that Shared VPC is the solution for inter-VPC traffic, but Shared VPC actually consolidates multiple projects into a single VPC, not connecting separate VPCs, while VPC peering with firewall rules provides the required granular control across distinct VPC networks.
How to eliminate wrong answers
Option A is wrong because Cloud Interconnect provides dedicated, high-bandwidth connectivity between on-premises networks and Google Cloud, not between multiple VPC networks within the same organization. Option B is wrong because Shared VPC allows multiple projects to share a common VPC network but does not enable traffic between separate VPC networks; it centralizes resources into one VPC, which contradicts the requirement of having multiple VPC networks. Option D is wrong because Cloud VPN creates an encrypted tunnel over the public internet, which is typically used for hybrid connectivity (on-premises to VPC) and adds latency and complexity; it is not designed for fine-grained VM-level control between VPCs, and firewall rules still apply but the underlying architecture is less direct than VPC peering.