
Answer-first summary for fast verification
Answer: Create a GKE private cluster with a private endpoint for the control plane. Configure VPC Networking Peering export/import routes and custom route advertisements on the Cloud Routers. Configure authorized networks to specify the desired on-premises subnets.
To meet the requirements of ensuring the GKE control plane is accessible only from the same VPC network and on-premises locations through private connectivity, the correct approach involves creating a GKE private cluster with a private endpoint. This setup ensures that the control plane is not exposed to the public internet. Configuring VPC Networking Peering export/import routes and custom route advertisements on the Cloud Routers is necessary to allow the predefined list of on-premises subnets to access the GKE control plane. While the question mentions configuring authorized networks, this is not applicable for private endpoints as they are inherently private and do not use authorized networks for access control. Therefore, the most accurate answer is to create a GKE private cluster with a private endpoint and configure the necessary VPC peering and route advertisements, making Option A the correct choice despite the minor inaccuracy regarding authorized networks.
Author: LeetQuiz Editorial Team
Your company has an existing Virtual Private Cloud (VPC) network in Google Cloud with established on-premises connectivity. You need to deploy a new Google Kubernetes Engine (GKE) application that should only be accessible from within the same VPC network and on-premises locations. Additionally, the GKE control plane must be exposed exclusively to a specific set of on-premises subnets via private connectivity. What steps should you take?
A. Create a GKE private cluster with a private endpoint for the control plane. Configure VPC Networking Peering export/import routes and custom route advertisements on the Cloud Routers. Configure authorized networks to specify the desired on-premises subnets.
B. Create a GKE private cluster with a public endpoint for the control plane. Configure VPC Networking Peering export/import routes and custom route advertisements on the Cloud Routers.
C. Create a GKE private cluster with a private endpoint for the control plane. Configure authorized networks to specify the desired on-premises subnets.
D. Create a GKE public cluster. Configure authorized networks to specify the desired on-premises subnets.