Your DevOps team uses Packer to create Compute Engine images with the following process:

An ephemeral Compute Engine VM is created.

A binary is copied from a Cloud Storage bucket to the VM's file system.

The VM's package manager is updated.

External packages are installed from the internet onto the VM.

Your security team has enabled the organizational policy constraint `constraints/compute.vmExternalIpAccess`, which restricts the use of external IP addresses on VMs. Your DevOps team has updated their scripts to not assign external IP addresses to the Compute Engine VMs, but the build pipeline is now failing due to connectivity issues.

What should you do? (Choose two.)

Exam-Like

Provision an HTTP load balancer with the VM in an unmanaged instance group to allow inbound connections from the internet to your VM.

Provision a Cloud NAT instance in the same VPC and region as the Compute Engine VM.

Enable Private Google Access on the subnet that the Compute Engine VM is deployed within.

Update the VPC routes to allow traffic to and from the internet.

Provision a Cloud VPN tunnel in the same VPC and region as the Compute Engine VM.

Google Professional Cloud Security Engineer