Answer-first summary for fast verification
Answer: Enable Private Google Access.
The question requires enabling VMs to access Cloud Storage while preventing internet access. Option C (Enable Private Google Access) is correct because it allows VMs with only internal IPs to access Google APIs and services, including Cloud Storage, without traversing the public internet, aligning with the security policy. This is supported by the community consensus (68% chose C) and Google's documentation. Option A (firewall rule) would block all internet traffic, including Cloud Storage access, which is not desired. Option B (NAT Gateway) enables internet access, violating the policy. Option D (mounting Cloud Storage) requires internet access for setup and is not a networking solution. The key insight is that Private Google Access specifically permits access to Google services without public internet exposure.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A customer needs to run a batch processing system on Compute Engine VMs and store the output in a Cloud Storage bucket. The security policy prohibits the VMs from having any internet access. How can this be achieved?
A
Create a firewall rule to block internet traffic from the VM.
B
Provision a NAT Gateway to access the Cloud Storage API endpoint.
C
Enable Private Google Access.
D
Mount a Cloud Storage bucket as a local filesystem on every VM.
No comments yet.