Answer-first summary for fast verification
Answer: Enable Private Google Access for the private subnet.
The correct answer is A because Private Google Access is specifically designed to allow instances in private subnets to access Google APIs and services (like Cloud Storage) without using public IP addresses or traversing the internet. This is the most direct and Google-recommended solution for this scenario. Option B (Private Service Connect) is for accessing services published by other VPCs or on-premises systems, not for accessing Google Cloud services. Option C (static external IPs) would expose instances to the internet, defeating the purpose of keeping them private. Option D (Cloud NAT) is for outbound internet access, not specifically for accessing Google services without internet traversal.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You have multiple Compute Engine instances in a private subnet. How can you enable these instances to access Google Cloud services, such as Cloud Storage, without using the public internet?
A
Enable Private Google Access for the private subnet.
B
Configure Private Service Connect for the private subnet's Virtual Private Cloud (VPC) and allocate an IP range for the Compute Engine instances.
C
Reserve and assign static external IP addresses for the Compute Engine instances.
D
Create a Cloud NAT gateway for the region where the private subnet is configured.
No comments yet.