Your organization's Google Cloud VMs, which host web services for external users, are deployed in a service project using a Shared VPC from a host project. The original instance template configured these VMs with public IP addresses. To reduce their internet exposure while still serving external users, you have recreated the instance template without a public IP and deployed it to a managed instance group (MIG). What is the next step you should take?

Exam-Like

Deploy a Cloud NAT Gateway in the service project for the MIG.

Deploy a Cloud NAT Gateway in the host (VPC) project for the MIG.

Deploy an external HTTP(S) load balancer in the service project with the MIG as a backend.

Deploy an external HTTP(S) load balancer in the host (VPC) project with the MIG as a backend.

Google Professional Cloud Security Engineer