Your company has established a Cloud VPN tunnel between your on-premises data center and Google Cloud VPC. You must configure access to the Cloud Functions API for on-premises servers while adhering to these requirements:

• Data must remain within its originating project and not be exfiltrated to other projects.
• Traffic from on-premises servers with RFC 1918 addresses must access Google Cloud APIs without traversing the public internet.
• DNS resolution must be handled exclusively on-premises.
• The solution must only permit access to APIs supported by VPC Service Controls.

What is the correct configuration approach?

Exam-Like

A

Create an A record for private.googleapis.com using the 199.36.153.8/30 address range. 2. Create a CNAME record for .googleapis.com that points to the A record. 3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record. 4. Remove the default internet gateway from the VPC where your Cloud VPN tunnel terminates.

18.8%

B

Create an A record for restricted.googleapis.com using the 199.36.153.4/30 address range. 2. Create a CNAME record for .googleapis.com that points to the A record. 3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record. 4. Configure your on-premises firewalls to allow traffic to the restricted.googleapis.com addresses.

50.0%

C

Create an A record for restricted.googleapis.com using the 199.36.153.4/30 address range. 2. Create a CNAME record for .googleapis.com that points to the A record. 3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record. 4. Remove the default internet gateway from the VPC where your Cloud VPN tunnel terminates.

18.8%

D

Create an A record for private.googleapis.com using the 199.36.153.8/30 address range. 2. Create a CNAME record for .googleapis.com that points to the A record. 3. Configure your on-premises routers to use the Cloud VPN tunnel as the next hop for the addresses you used in the A record. 4. Configure your on-premises firewalls to allow traffic to the private.googleapis.com addresses.

12.5%

Powered ByGPT-5.2

Your company has established a Cloud VPN tunnel between your on-premises data center and Google Cloud VPC. You must configure access to the Cloud Functions API for on-premises servers while adhering to these requirements: • Data must remain within its originating project and not be exfiltrated to other projects. • Traffic from on-premises servers with RFC 1918 addresses must access Google Cloud APIs without traversing the public internet. • DNS resolution must be handled exclusively on-premises. • The solution must only permit access to APIs supported by VPC Service Controls. What is the correct configuration approach? | Google Professional Cloud Network Engineer Quiz - LeetQuiz