Answer-first summary for fast verification
Answer: Configure Private Google Access on the Compute Engine subnet, Avoid assigning public IP addresses to the Compute Engine cluster.
The question requires ensuring the workload cannot access or be accessed from the internet. Option A (Configure Private Google Access) allows instances without public IPs to access Google APIs and services (like Cloud Storage) via internal IPs, preventing internet access. Option B (Avoid assigning public IP addresses) directly prevents instances from being reachable from the internet. Together, these ensure no inbound or outbound internet connectivity while maintaining access to Cloud Storage. Option E (Cloud NAT gateway) is incorrect as it enables outbound internet access, violating the requirement. Option C (separate subnet) does not inherently block internet access. Option D (turn off IP forwarding) is unrelated to internet access control.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A customer is running an analytics workload on Google Cloud where Compute Engine instances access data stored in Cloud Storage. Your team needs to ensure this workload cannot access, nor be accessed from, the internet. Which two strategies should your team implement? (Choose two.)
A
Configure Private Google Access on the Compute Engine subnet
B
Avoid assigning public IP addresses to the Compute Engine cluster.
C
Make sure that the Compute Engine cluster is running on a separate subnet.
D
Turn off IP forwarding on the Compute Engine instances in the cluster.
E
Configure a Cloud NAT gateway.
No comments yet.