
Explanation:
The correct answer is B because VPC peering establishes a private connection between VPC networks in different Google Cloud organizations, allowing communication using private IP addresses over Google's encrypted backbone network. This satisfies both requirements: encrypted network connection (as confirmed by Google documentation that VM-to-VM traffic within and between peered VPCs is encrypted) and private IP communication.

Option A (Cloud VPN) uses public IP addresses for the tunnel establishment, which doesn't fully align with the private IP requirement. Option C (VPC Service Controls) is for service perimeter security, not direct network connectivity. Option D (Apigee) is an API management solution, not suitable for establishing private network connections between Compute Engine instances.

The community discussion shows strong consensus for B (71% support), with key insights highlighting that VPC peering traffic is encrypted by default on Google's backbone and uses private IPs exclusively.
Your organization hosts a financial services application on Compute Engine instances for a third-party company. The third-party company's servers, which will consume the application, are also running on Compute Engine in a separate Google Cloud organization. You need to configure a secure network connection between the Compute Engine instances with the following requirements:
A. Configure a Cloud VPN connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.
B. Configure a VPC peering connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.
C. Configure a VPC Service Controls perimeter around your Compute Engine instances, and provide access to the third party via an access level.
D. Configure an Apigee proxy that exposes your Compute Engine-hosted application as an API, and is encrypted with TLS which allows access only to the third party.