You are a cloud architect configuring the network architecture for a newly created project in Google Cloud Platform (GCP). The project will host applications using Compute Engine virtual machine (VM) instances. These instances will be deployed across two different subnets (sub-a and sub-b) within a single region:
• Instances in sub-a will have public IP addresses.
• Instances in sub-b will have only private IP addresses.
For maintenance purposes, you need all instances, including those in sub-b, to be able to download updated packages from a public repository outside the boundaries of Google Cloud. What should you do to ensure that instances in sub-b can access the external repository while maintaining their private IP addresses?
Explanation:
The correct answer is B: Configure Cloud NAT and select sub-b in the NAT mapping section. Cloud NAT (Network Address Translation) lets instances in a private subnet (one without public IPs) reach the internet to download packages, updates, and other external content without exposing them directly through external IP addresses. This is the recommended method to ensure secure and efficient internet access for instances that do not have public IP addresses. Other options such as Private Google Access, bastion hosts, and Identity-Aware Proxy do not provide the required functionality for this specific scenario.