Google Professional Cloud Network Engineer

Ultimate access to all questions.

Explanation:

To allow VPC instances without public IPs to access BigQuery and Cloud Pub/Sub APIs without routing through the firewall, you should:

Turn on Private Google Access at the subnet level (Option A) to enable instances to use internal IPs for Google APIs, ensuring traffic stays within Google's network and bypasses the firewall.
Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway (Option D). This overrides the default firewall route for Google API traffic, ensuring traffic avoids the firewall even if external IPs are inadvertently used.

Private Google Access (A) handles internal routing, while custom static routes (D) ensure explicit bypassing of the firewall for Google API traffic.

Explanation:

To allow VPC instances without public IPs to access BigQuery and Cloud Pub/Sub APIs without routing through the firewall, you should:

Turn on Private Google Access at the subnet level (Option A) to enable instances to use internal IPs for Google APIs, ensuring traffic stays within Google's network and bypasses the firewall.
Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway (Option D). This overrides the default firewall route for Google API traffic, ensuring traffic avoids the firewall even if external IPs are inadvertently used.

Private Google Access (A) handles internal routing, while custom static routes (D) ensure explicit bypassing of the firewall for Google API traffic.

Comments (0)

No comments yet.

Exam-Like

Turn on Private Google Access at the subnet level.

30.0%

Turn on Private Google Access at the VPC level.

15.0%

Turn on Private Services Access at the VPC level.

5.0%

Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.

35.0%