You are designing a VPC network architecture for a multi-tier application. How should you organize subnets?

  1. No subnets required
  2. One subnet per region
  3. Separate subnets per tier (web, app, database) ✓
  4. All resources in a single subnet

Correct answer: Separate subnets per tier (web, app, database)

Option 3 is correct because separating workloads into tier-specific subnets, such as web, application, and database layers, enforces network segmentation that limits blast radius during a breach and enables precise firewall rules between each tier. Option 1 is wrong because subnets are fundamental to VPC design and their absence would mean all resources share the same network segment with no traffic isolation. Option 2 is wrong because one subnet per region ignores the logical separation required between tiers, making it impossible to apply different security policies to the web tier versus the database tier. Option 4 is wrong because placing all resources in a single subnet removes any network-layer boundary between tiers, so a compromised web server would have direct network access to the database.

Topic: vpc, network segmentation, subnets, multi-tier architecture
