Answer-first summary for fast verification
Answer: Configure a VPC peering connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.
The correct answer is B because VPC peering establishes a private connection between VPC networks in different Google Cloud organizations, allowing communication using private IP addresses over Google's encrypted backbone network. This satisfies both requirements: encrypted network connection (as confirmed by Google documentation that VM-to-VM traffic within and between peered VPCs is encrypted) and private IP communication. Option A (Cloud VPN) uses public IP addresses for the tunnel establishment, which doesn't fully align with the private IP requirement. Option C (VPC Service Controls) is for service perimeter security, not direct network connectivity. Option D (Apigee) is an API management solution, not suitable for establishing private network connections between Compute Engine instances. The community discussion shows strong consensus for B (71% support), with key insights highlighting that VPC peering traffic is encrypted by default on Google's backbone and uses private IPs exclusively.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your organization hosts a financial services application on Compute Engine instances for a third-party company. The third-party company's servers, which will consume the application, are also running on Compute Engine in a separate Google Cloud organization. You need to configure a secure network connection between the Compute Engine instances with the following requirements:
A
Configure a Cloud VPN connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.
B
Configure a VPC peering connection between your organization's VPC network and the third party's that is controlled by VPC firewall rules.
C
Configure a VPC Service Controls perimeter around your Compute Engine instances, and provide access to the third party via an access level.
D
Configure an Apigee proxy that exposes your Compute Engine-hosted application as an API, and is encrypted with TLS which allows access only to the third party.