
Answer-first summary for fast verification
Answer: Enable Private Google Access on the subnet within the custom VPC.
The correct answer is C. Enabling Private Google Access on the subnet within the custom VPC allows VM instances with only internal IP addresses to reach the external IP addresses of Google APIs and services, including Cloud Storage. This configuration ensures that the VM instances can access Google services without needing external IP addresses. Private Service Access on the Cloud Storage Bucket (Option A) is not applicable because Cloud Storage buckets do not support Private Service Access.
Author: LeetQuiz Editorial Team
Your company has implemented an application that operates on Compute Engine VM instances within a custom Virtual Private Cloud (VPC). According to the company's security policies, only internal IP addresses are permitted on VM instances, and these instances are restricted from internet access. Given these conditions, you need to enable the application to access a file that is stored in a Cloud Storage bucket within your project. What steps should you take to accomplish this?
A. Enable Private Service Access on the Cloud Storage Bucket.
B. Add storage.googleapis.com to the list of restricted services in a VPC Service Controls perimeter and add your project to the list of protected projects.
C. Enable Private Google Access on the subnet within the custom VPC.
D. Deploy a Cloud NAT instance and route the traffic to the dedicated IP address of the Cloud Storage bucket.