Mountkirk Games needs to create a repeatable and configurable mechanism for deploying isolated application environments. Developers and testers can access each other's environments and resources, but they cannot access staging or production resources. The staging environment needs access to some services from production.
What should you do to isolate development environments from staging and production?
Creating separate projects for development, staging, and production environments ensures that each environment is isolated. In this setup, developers and testers can access each other's environments because they are within the same project, while staging and production environments are in distinct projects. This configuration adheres to best practices for resource isolation, allowing access management to be more precisely controlled. Additionally, staging having access to production services is achievable with proper IAM roles and permissions across projects.
Correct Answer is D. https://cloud.google.com/appengine/docs/standard/php/creating-separate-dev-environments
D is ok
not D, A
hey man...it should be D...
It's D!!!!
it is A
its standard but look at requirement given here
Correct is A
Agree with A
Incorrect. Not a best practice to have Staging and Prod resources in the same project. D is correct
by standard it is absolutely incorrect but here it is requirement. will you still separate it out?
"The staging environment needs access to some services from production" Its not the best practice, but A has less effort
D In the requirement, the staging environment needs access to production, not the other way around. Answer A could allow staging and production to access each other. In answer D, staging and production are in different project, you can limit the access from either side. So D is correct.
End goal is to separate dev from staging/production. Putting staging/production in same project fits the requirements. Further effort would be required to change access between Staging and Production projects that is out of scope of question. It is not best practice, but fits requirements of question.
yes and there is no mention of test environment in option D.
Best approach is D. A will also work based on question requirement
Different project don't isolate resources on each others because you can share a VPC (sharedVPC) and launch resources on the same subnet from differents projects. To isolate resources the only way is with differents VPC, ans B
different project by default isolates the resources
Although D is follows industry standards its an incomplete answer, it does not say anything about test. A is a much complete answer
Definitively D
I guess this is a tie up between best practices vs what this org (Mountkirk) demands. If this was a standard question on how to setup each env, then answer D fits. But for this use case, seems like A fits the bill. Further more, if all environments/projects are within same org setup, then resources can still be accesses across.
We have to follow the case requirements not the best practices.
Create a project for development and test and another for staging and production
There is another thread on this topic to iron out the choices and its mostly leaning D https://www.reddit.com/r/googlecloud/comments/kbkoev/gcp_question_environment_separations/
I think it is B, because you can create separate project for each environment (Test, dev, stage, prod) and connect to right network. You can use firewall rules to set communication between stage and prod.
D for sure
D for me.
as per conventional best practices.
D is ok
D repeatable and configurable mechanism - so a network each for dev/test, staging and prod is ideal. But as this option is not there I am choosing D - each one having a project.
Answer is D: Question asked is - "What should you do to isolate development environments from staging and production?". If the question meant to include "Test Environment", the question would have looked like this - "What should you do to isolate development & test environments from staging and production?" but that is not the case so the only logical answer will be to vote D.
better to separate each environment, why have to merge them?