
Answer-first summary for fast verification
Answer: Enable Private Google Access in the subnetwork. Deploy Dataflow using only internal IP addresses.
The correct answer is **B**. Enabling Private Google Access in the subnetwork allows instances without external IP addresses to access Google APIs and services, such as Cloud Storage and BigQuery, even in the absence of public IP addresses. This ensures the Dataflow pipeline can operate within the security team's constraints by using only internal IP addresses.

- **Option A** introduces VPC Service Controls, which, while enhancing security, does not directly address the requirement for internal IP usage.
- **Option C** focuses on firewall rules, which manage traffic but do not enforce the exclusive use of internal IP addresses.
- **Option D** involves network tags for worker access but fails to ensure the restriction to internal IPs.
Author: LeetQuiz Editorial Team
You are configuring a batch pipeline in Dataflow that processes data from Cloud Storage, transforms it, and then loads it into BigQuery. The security team has mandated that all Compute Engine instances must use internal IP addresses exclusively, without any external access. How can you deploy the batch pipeline in Dataflow while adhering to this security policy?
A. Create a VPC Service Controls perimeter that includes the VPC network, and designate Dataflow, Cloud Storage, and BigQuery as permitted services within this perimeter. Deploy Dataflow using only internal IP addresses.
B. Enable Private Google Access in the subnetwork. Deploy Dataflow using only internal IP addresses.
C. Configure firewall rules to permit access to Cloud Storage and BigQuery. Deploy Dataflow using only internal IP addresses.
D. Assign network tags to your workers to allow access to Cloud Storage and BigQuery. Deploy Dataflow using only internal IP addresses.