Answer-first summary for fast verification
Answer: 1. Set up a Dedicated Interconnect link between the on-premises environment and Google Cloud. 2. Configure private access using the restricted.googleapis.com domains in on-premises DNS configurations.
The question requires: 1) A private transport link, 2) Private API endpoint access from on-premises, and 3) VPC Service Controls enforcement. Dedicated Interconnect (option D) provides a private, dedicated connection meeting the private transport requirement. The restricted.googleapis.com domain is specifically designed for VPC Service Controls, ensuring APIs are only accessible through these controls as it only routes to services supporting VPC Service Controls. Options A and B use Cloud VPN and Partner Interconnect respectively, but Cloud VPN is less private than dedicated connections. Option C uses Direct Peering, which is less secure and doesn't inherently enforce VPC Service Controls. The community discussion strongly supports D with 100% consensus and upvoted comments emphasizing that restricted.googleapis.com is the clear choice for VPC Service Controls enforcement.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You need to connect your on-premises network to an existing Google Cloud environment that has a Shared VPC with two subnets named Production and Non-Production. The solution must:
What should you do?
A
B
C
D
No comments yet.