Answer-first summary for fast verification
Answer: Route all on-premises traffic to Google Cloud through an IPsec VPN tunnel to a VPC with Private Google Access enabled.
The question requires enforcing private connectivity, minimizing costs, and optimizing operational efficiency for on-premises hosts accessing Google Cloud APIs. Option B (IPsec VPN tunnel with Private Google Access) is optimal because it provides private connectivity through encrypted tunnels, is significantly cheaper than dedicated interconnect options, and is simpler to set up and maintain, aligning with cost minimization and operational efficiency. Private Google Access ensures API traffic stays within Google's network, avoiding public internet exposure. Option D (Dedicated/Partner Interconnect) offers higher reliability but at substantially higher costs and complexity, conflicting with the cost minimization requirement. Option A (VPC peering over internet) is insecure as it doesn't provide encrypted private connectivity. Option C (data encryption with KMS) addresses data protection but doesn't establish private network connectivity between on-premises and Google Cloud.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your organization has on-premises hosts that require access to Google Cloud APIs. You must enforce private connectivity, minimize costs, and optimize for operational efficiency.
What should you do?
A
Set up VPC peering between the hosts on-premises and the VPC through the internet.
B
Route all on-premises traffic to Google Cloud through an IPsec VPN tunnel to a VPC with Private Google Access enabled.
C
Enforce a security policy that mandates all applications to encrypt data with a Cloud Key Management Service (KMS) key before you send it over the network.
D
Route all on-premises traffic to Google Cloud through a dedicated or Partner Interconnect to a VPC with Private Google Access enabled.