To meet PCI DSS requirements for outbound traffic authorization, which two Google Cloud services should be used without needing additional compensating controls? (Choose two.)