Ultimate access to all questions.
Answer-first summary for fast verification
Answer: Turn on Private Google Access at the subnet level., Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
To allow VPC instances without public IPs to access BigQuery and Cloud Pub/Sub APIs without routing through the firewall, you should: 1. Turn on Private Google Access at the subnet level (Option A) to enable instances to use internal IPs for Google APIs, ensuring traffic stays within Google's network and bypasses the firewall. 2. Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway (Option D). This overrides the default firewall route for Google API traffic, ensuring traffic avoids the firewall even if external IPs are inadvertently used. Private Google Access (A) handles internal routing, while custom static routes (D) ensure explicit bypassing of the firewall for Google API traffic.
Author: LeetQuiz Editorial Team
You are using a third-party next-generation firewall to inspect traffic and have created a custom route (0.0.0.0/0) to route egress traffic to the firewall. You need to allow VPC instances without public IP addresses to access the BigQuery and Cloud Pub/Sub APIs directly, bypassing the firewall.
Which two actions should you take? (Choose two.)
A
Turn on Private Google Access at the subnet level.
B
Turn on Private Google Access at the VPC level.
C
Turn on Private Services Access at the VPC level.
D
Create a set of custom static routes to send traffic to the external IP addresses of Google APIs and services via the default internet gateway.
E
Create a set of custom static routes to send traffic to the internal IP addresses of Google APIs and services via the default internet gateway.
No comments yet.