ASSOCIATE-CLOUD-ENGINEER · Question #259
ASSOCIATE-CLOUD-ENGINEER Question #259: Real Exam Question with Answer & Explanation
The correct answer is C: Enable Private Google Access on the subnet within the custom VPC.. Private Google Access lets you connect VM instances to GCP services without external IP addresses and only internal. A is wrong because even though Private Services Access lets you also access GCP and other services through internal IPs, it also allows the VMs to have external ht
Question
You have an application that runs on Compute Engine VM instances in a custom Virtual Private Cloud (VPC). Your company's security policies only allow the use of internal IP addresses on VM instances and do not let VM instances connect to the internet. You need to ensure that the application can access a file hosted in a Cloud Storage bucket within your project. What should you do?
Options
- AEnable Private Service Access on the Cloud Storage Bucket.
- BAdd storage.googleapis.com to the list of restricted services in a VPC Service Controls perimeter
- CEnable Private Google Access on the subnet within the custom VPC.
- DDeploy a Cloud NAT instance and route the traffic to the dedicated IP address of the Cloud
Explanation
Private Google Access lets you connect VM instances to GCP services without external IP addresses and only internal. A is wrong because even though Private Services Access lets you also access GCP and other services through internal IPs, it also allows the VMs to have external https://cloud.google.com/vpc/docs/private-google-access
Community Discussion
No community discussion yet for this question.