
Answer-first summary for fast verification
Answer:
1. Create a private DNS zone with a CNAME record for *.googleapis.com to restricted.googleapis.com, with an A record pointing to Google's restricted API address range.
2. Create a custom route that points Google's restricted API address range to the default internet gateway as the next hop.
To enable Private Google Access (PGA) while adhering to the security team's requirements, you need to ensure that traffic destined for Google APIs bypasses the on-premises inspection route. This involves setting up a private DNS zone for the restricted.googleapis.com domain, which is compatible with VPC Service Controls, and creating a custom route for Google's restricted API address range to use the default internet gateway. Option A correctly outlines these steps without altering the default route for all internet-bound traffic, thus meeting the security requirements.
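The two changes described above, written out as gcloud commands in an added example that is not part of the original page. The network, zone and route names are placeholders, and 199.36.153.4/30 is the range Google documents for restricted.googleapis.com (the page does not state it); by default the script only prints the commands.

```shell
#!/bin/sh
# Added example (not from the original page). NETWORK, ZONE and ROUTE are
# placeholder names; 199.36.153.4/30 is the range Google documents for
# restricted.googleapis.com. DRY_RUN=1 (default) prints instead of executing.
NETWORK="${NETWORK:-example-vpc}"
ZONE="${ZONE:-googleapis-restricted}"
ROUTE="${ROUTE:-restricted-google-apis}"
RESTRICTED_CIDR="199.36.153.4/30"

run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Expand an IPv4 CIDR to a comma-separated address list, so the A record
# and the route are always derived from the same range.
cidr_hosts() {
  ip=${1%/*}; bits=${1#*/}
  oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
  count=$(( 1 << (32 - bits) ))
  base=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  base=$(( base & ~(count - 1) ))   # align to the network address
  i=0; out=
  while [ "$i" -lt "$count" ]; do
    n=$(( base + i ))
    out="${out:+$out,}$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
    i=$(( i + 1 ))
  done
  printf '%s\n' "$out"
}

configure_restricted_pga() {
  # 1. Private zone for googleapis.com, visible only to this VPC.
  run gcloud dns managed-zones create "$ZONE" --dns-name=googleapis.com. \
    --visibility=private --networks="$NETWORK" \
    --description=restricted-googleapis-vip
  # CNAME: every *.googleapis.com name resolves via restricted.googleapis.com.
  run gcloud dns record-sets create "*.googleapis.com." --zone="$ZONE" \
    --type=CNAME --ttl=300 --rrdatas=restricted.googleapis.com.
  # A record: restricted.googleapis.com -> the addresses of the restricted range.
  run gcloud dns record-sets create restricted.googleapis.com. --zone="$ZONE" \
    --type=A --ttl=300 --rrdatas="$(cidr_hosts "$RESTRICTED_CIDR")"
  # 2. Route only the restricted range to the default internet gateway;
  #    the default route to the on-premises inspection path is untouched.
  run gcloud compute routes create "$ROUTE" --network="$NETWORK" \
    --destination-range="$RESTRICTED_CIDR" \
    --next-hop-gateway=default-internet-gateway
}

configure_restricted_pga
```

Review the printed commands, then rerun with `DRY_RUN=0` to apply them.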
Author: LeetQuiz Editorial Team
To enable Private Google Access for specific subnets in your Virtual Private Cloud (VPC) while complying with your security team's requirements—where all internet-bound traffic is routed to an on-premises data center for inspection before egressing to the internet, and VPC Service Controls are implemented for API-level security—what additional configuration changes are needed beyond enabling Private Google Access on the subnets?
A
B
C
D