Google Associate Cloud Engineer

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: 1. Using Cloud VPN or Interconnect, create a tunnel to a VPC in Google Cloud. 2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel. 3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.

Option D is the correct answer as it aligns with Google's recommended practices for securely connecting on-premises applications to Google Cloud services. By using Cloud VPN or Interconnect, you can create a secure, private tunnel to a VPC in Google Cloud. Using Cloud Router to create custom route advertisements for the IP range 199.36.153.4/30 ensures that traffic to Google services is correctly routed without necessitating public IP addresses or internet access. Configuring your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com completes the secure setup, allowing on-premises servers to access Cloud Storage over this private connection.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

Your application is currently hosted on bare-metal servers within your own data center, and it requires access to Google Cloud Storage. Due to security policies, these servers are not allowed to have public IP addresses or any form of internet access. To ensure compliance with Google's best practices while providing your application with the necessary access to Cloud Storage, what actions should you take?

Exam-Like

Use nslookup to get the IP address for storage.googleapis.com. 2. Negotiate with the security team to be able to give a public IP address to the servers. 3. Only allow egress traffic from those servers to the IP addresses for storage.googleapis.com.

8.3%

Using Cloud VPN, create a VPN tunnel to a Virtual Private Cloud (VPC) in Google Cloud. 2. In this VPC, create a Compute Engine instance and install the Squid proxy server on this instance. 3. Configure your servers to use that instance as a proxy to access Cloud Storage.

24.1%

Use Migrate for Compute Engine (formerly known as Velostrata) to migrate those servers to Compute Engine. 2. Create an internal load balancer (ILB) that uses storage.googleapis.com as backend. 3. Configure your new instances to use this ILB as proxy.

7.9%

Using Cloud VPN or Interconnect, create a tunnel to a VPC in Google Cloud. 2. Use Cloud Router to create a custom route advertisement for 199.36.153.4/30. Announce that network to your on-premises network through the VPN tunnel. 3. In your on-premises network, configure your DNS server to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.