Answer-first summary for fast verification
Answer: Deploy a single Secure Web Proxy instance with global access enabled. Apply a Secure Web Proxy policy to allow access from machines that match the secure tag to the URLs defined in a URL list.
The question requires controlling internet access to specific URLs, including hostnames and paths, using a secure tag. Cloud NAT with FQDN firewall rules (Options A and B) can't inspect URLs/paths, only domains. Secure Web Proxy (SWP) is needed for URL-based filtering. Option C suggests deploying a single SWP with global access, allowing instances in any region to use it. SWP policies can filter by secure tag and URL lists. Although Option D suggests regional SWPs, Google Cloud's SWP with global access enables cross-region traffic handling without needing proxies in each region. Thus, Option C meets the requirements efficiently.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your organization has applications running in multiple regions that need internet access. You must manage internet access from these applications to specific URLs, including hostnames and paths. The compute instances hosting these applications have a secure tag assigned. What is the recommended solution?
A
Deploy a Cloud NAT gateway. Use fully qualified domain name (FQDN) objects in the firewall policy rules to filter outgoing traffic to specific domains from machines that match a service account.
B
Deploy a Cloud NAT gateway. Use fully qualified domain name (FQDN) objects in the firewall policy rules to filter outgoing traffic to specific domains from machines that match the secure tag.
C
Deploy a single Secure Web Proxy instance with global access enabled. Apply a Secure Web Proxy policy to allow access from machines that match the secure tag to the URLs defined in a URL list.
D
Deploy a Secure Web Proxy instance in each region. Apply a Secure Web Proxy policy to allow access from machines that match the secure tag to the URLs defined in a URL list.