Answer-first summary for fast verification
Answer: Public IP, Private Google Access
The question requires preventing both internet access and access to Google APIs/services. Option A (Public IP) must be disabled because assigning a public IP enables direct internet access. Option C (Private Google Access) must be disabled because it allows instances with only private IPs to reach Google APIs/services through internal Google networks. Option B (IP Forwarding) is incorrect as it controls packet forwarding between instances, not internet/API access. Option D (Static routes) is incorrect because while custom routes could enable internet access via NAT, the default route (0.0.0.0/0) is the key for internet access, not static routes generically. Option E (IAM Network User Role) is unrelated to network connectivity. The community consensus strongly supports A and C, with the highest upvoted comments (e.g., 34 upvotes) confirming this, and explanations noting that disabling Public IP blocks internet access and disabling Private Google Access blocks API/service access.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your team needs to ensure that a Compute Engine instance cannot access the internet or any Google APIs and services. Which two settings must remain disabled to meet these requirements? (Choose two.)
A
Public IP
B
IP Forwarding
C
Private Google Access
D
Static routes
E
IAM Network User Role